From 2a464d3dc331c6873bc6417d47e9e358a967b815 Mon Sep 17 00:00:00 2001 From: Jason Wolfe Date: Tue, 14 Oct 2014 17:22:38 -0700 Subject: [PATCH 1/2] By default, Salt will remove any groups not listed, so a users groups matches exactly the list you pass. This was added here: https://github.com/saltstack/salt/issues/2142 This has been causing issues for many people, as the remove_groups options is undocumented. In the 2014.7 release this is changing, and remove_groups will default to false: https://github.com/saltstack/salt/issues/13276 I'm going with false by default, as it's our use case and it will soon be the default. If people believe this module should default to true and remove groups not listed, I think that's open for discussion, but we should at least add the option. --- users/init.sls | 3 +++ 1 file changed, 3 insertions(+) diff --git a/users/init.sls b/users/init.sls index 2638da5..1efd969 100644 --- a/users/init.sls +++ b/users/init.sls @@ -58,6 +58,9 @@ {% if not user.get('createhome', True) %} - createhome: False {% endif %} + {% if not user.get('remove_groups', True) %} + - remove_groups: False + {% endif %} - groups: - {{ user_group }} {% for group in user.get('groups', []) -%} From a899ee85ec5bbeb8d94066d62b37ab846aa067a0 Mon Sep 17 00:00:00 2001 From: Jason Wolfe Date: Tue, 14 Oct 2014 17:53:12 -0700 Subject: [PATCH 2/2] Make sure the logic stands after the default in salt is changed --- users/init.sls | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index 1efd969..30ea466 100644 --- a/users/init.sls +++ b/users/init.sls @@ -58,7 +58,9 @@ {% if not user.get('createhome', True) %} - createhome: False {% endif %} - {% if not user.get('remove_groups', True) %} + {% if user.get('remove_groups', True) %} + - remove_groups: True + {% else %} - remove_groups: False {% endif %} - groups:
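Review bot: In patch 1/2, the added condition `{% if not user.get('remove_groups', True) %}` falls back to True when the pillar key is absent, so `- remove_groups: False` is rendered only for users that explicitly set `remove_groups: False`. That does not match the commit message's "false by default". With the key unset nothing is rendered, and whether unlisted groups are stripped is left to the Salt version on the minion. Either change the fallback to `user.get('remove_groups', False)` or reword the message. The diffstat shows only users/init.sls changing, so the new per-user pillar key also needs documenting alongside the formula's other user options.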
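Review bot: In patch 2/2, the rewritten `{% if user.get('remove_groups', True) %}` branch renders `- remove_groups: True` for every user that leaves the key unset, which pins group stripping on regardless of Salt's own default and is the opposite of the "false by default" stated in patch 1/2's message. Keeping True is the stricter choice for access control, since a user's membership then matches the pillar list exactly and stale groups are dropped. If that is the intent, the commit message should say so. The condition also tests truthiness, so a quoted pillar value such as `'False'` is a non-empty string and would render `remove_groups: True`. Comparing against the boolean explicitly, or noting that the value must be an unquoted YAML boolean, would avoid that surprise.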