From 32d6b1d0e0b27d8e446eefd148e575813942e0b2 Mon Sep 17 00:00:00 2001 From: Martin Krizek Date: Mon, 18 Sep 2017 15:20:58 +0200 Subject: [PATCH] user: fix default non-system user's shell on macOS --- lib/ansible/modules/system/user.py | 8 ++++ test/integration/targets/become/tasks/su.yml | 12 ----- test/integration/targets/user/tasks/main.yml | 50 ++++++++++++++++++++ 3 files changed, 58 insertions(+), 12 deletions(-) diff --git a/lib/ansible/modules/system/user.py b/lib/ansible/modules/system/user.py index af7e3147e52..0d99dfcd158 100644 --- a/lib/ansible/modules/system/user.py +++ b/lib/ansible/modules/system/user.py @@ -76,6 +76,9 @@ options: required: false description: - Optionally set the user's shell. + - On Mac OS X, before version 2.5, the default shell for non-system users was + /usr/bin/false. Since 2.5, the default shell for non-system users on + Mac OS X is /bin/bash. home: required: false description: @@ -1763,6 +1766,11 @@ class DarwinUser(User): os.makedirs(self.home) self.chown_homedir(int(self.uid), int(self.group), self.home) + # dscl sets shell to /usr/bin/false when UserShell is not specified + # so set the shell to /bin/bash when the user is not a system user + if not self.system and self.shell is None: + self.shell = '/bin/bash' + for field in self.fields: if field[0] in self.__dict__ and self.__dict__[field[0]]: diff --git a/test/integration/targets/become/tasks/su.yml b/test/integration/targets/become/tasks/su.yml index e4d37a3959c..01e40b6aa74 100644 --- a/test/integration/targets/become/tasks/su.yml +++ b/test/integration/targets/become/tasks/su.yml @@ -4,18 +4,6 @@ become_method: su user: name: "{{ become_test_user }}" - when: ansible_distribution != "MacOSX" - - -- name: Create test user (become_method=su) - become: True - become_user: root - become_method: su - user: - name: "{{ become_test_user }}" - # explicitly set user shell since the default shell on OS X is /usr/bin/false - shell: /bin/bash - when: ansible_distribution == "MacOSX" - name: test becoming user (become_method=su) shell: whoami diff --git a/test/integration/targets/user/tasks/main.yml b/test/integration/targets/user/tasks/main.yml index 923f709671c..3d608a8fff7 100644 --- a/test/integration/targets/user/tasks/main.yml +++ b/test/integration/targets/user/tasks/main.yml @@ -108,3 +108,53 @@ assert: that: - '"ansibulluser" not in user_names2.stdout_lines' + + +- block: + - name: create non-system user on OSX to test the shell is set to /bin/bash + user: + name: osxuser + register: osxuser_output + + - name: validate the shell is set to /bin/bash + assert: + that: + - 'osxuser_output.shell == "/bin/bash"' + + - name: cleanup + user: + name: osxuser + state: absent + + - name: create system user on OSX to test the shell is set to /usr/bin/false + user: + name: osxuser + system: yes + register: osxuser_output + + - name: validate the shell is set to /usr/bin/false + assert: + that: + - 'osxuser_output.shell == "/usr/bin/false"' + + - name: cleanup + user: + name: osxuser + state: absent + + - name: create non-system user on OSX and set the shell to /bin/sh + user: + name: osxuser + shell: /bin/sh + register: osxuser_output + + - name: validate the shell is set to /bin/sh + assert: + that: + - 'osxuser_output.shell == "/bin/sh"' + + - name: cleanup + user: + name: osxuser + state: absent + when: ansible_distribution == "MacOSX"