Create users with Puppet

In today’s post I want to show you a simple Puppet recipe for creating users, setting an initial password and forcing the user to change it after the first login.
If you are not familiar with Puppet please check the website of this great project.


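define users ( $state, $id, $uid, $gid, $pass, $realname, $sgroups) {
	# Create the account; the initial password is set by the exec below.
	user { $id:
		ensure           => $state,
		uid              => $uid,
		gid              => $gid,
		shell            => '/bin/bash',
		home             => "/home/${id}",
		comment          => $realname,
		managehome       => true,
		groups           => $sgroups,
		password_max_age => '90',
	}

	# Placeholder password field of a freshly created account, per OS family.
	# The patterns are anchored with ^ so only the line of $id can match, and
	# sed uses | as delimiter because crypt hashes may contain /.
	case $::osfamily {
		'RedHat': { $action = "/bin/sed -i -e 's|^${id}:!!:|${id}:${pass}:|' /etc/shadow; chage -d 0 ${id}" }
		'Debian': { $action = "/bin/sed -i -e 's|^${id}:x:|${id}:${pass}:|' /etc/shadow; chage -d 0 ${id}" }
		default:  { fail("users: unsupported osfamily ${::osfamily}") }
	}

	# Runs only while the placeholder is still present, so a password the user
	# has already changed is not overwritten. The command is passed as an
	# attribute to keep the hash out of the resource title.
	exec { "initial-password-${id}":
		command => $action,
		path    => '/usr/bin:/usr/sbin:/bin',
		onlyif  => "egrep -q -e '^${id}:!!:' -e '^${id}:x:' /etc/shadow",
		require => User[$id],
	}
}

users { 'xyz': state => 'present', id => 'xyz', uid => '10001', gid => '10001', pass => '$1$qj3Ks0$pNT55P98zsdJE5GeRUdHh0', realname => 'XZY YZX', sgroups => ['audio'] }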

The user variables should be clear and easy to understand.
Depending on your system (Debian or RedHat), the exec part sets the initial password (provided in nodes.pp) and expires it, so the user has to change the password after her/his first login.
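
The guard and the edit performed by the exec can be tried out safely on a copy instead of /etc/shadow. The script below is an added example, not code from the original post; the function names, the sample file and the hash are constructed for illustration. It anchors the patterns with ^ and uses | as the sed delimiter, so a similarly named account is left alone and a hash containing / works.

```shell
#!/bin/sh
# Added example: dry-run of the exec's onlyif guard and sed edit on a
# constructed shadow file. Function names and sample data are assumptions.

# Constructed sample; "abcxyz" ends in "xyz" to show why the ^ anchor matters.
make_sample_shadow() {  # $1 = path to write
	cat > "$1" <<'EOF'
root:*:19000:0:99999:7:::
abcxyz:!!:19000:0:90:7:::
xyz:!!:19000:0:90:7:::
EOF
}

# Same test as the exec's onlyif: succeeds only while the account still has
# the placeholder field ("!!" or "x", the two values the post checks for).
needs_initial_password() {  # $1 = shadow file, $2 = user
	grep -E -q -e "^$2:!!:" -e "^$2:x:" "$1"
}

# Same edit as the exec's sed, written without -i so it also runs on non-GNU sed.
# "|" is the delimiter because crypt hashes may contain "/".
set_initial_password() {  # $1 = shadow file, $2 = user, $3 = hash
	sed -e "s|^$2:!!:|$2:$3:|" -e "s|^$2:x:|$2:$3:|" "$1" > "$1.new" &&
		mv "$1.new" "$1"
}

# Apply twice, as two Puppet runs would; prints "set" then "skipped".
demo() {
	f=$(mktemp) || return 1
	make_sample_shadow "$f"
	hash='$1$constructed$aaaa/bbbb.cccc'   # constructed, not a real hash
	for run in 1 2; do
		if needs_initial_password "$f" xyz; then
			set_initial_password "$f" xyz "$hash" && echo "run $run: set"
		else
			echo "run $run: skipped"
		fi
	done
	cat "$f"
	rm -f "$f"
}

demo
```

The second run is skipped because the placeholder is gone, which is what keeps later Puppet runs from resetting a password the user has changed.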