The group module is used to create and manage group settings, groups can be
either present or absent. User/Group names can be passed to the
deluser can be used
together but not with
In Windows, if no domain is specified in the user or group name (i.e.
DOMAIN\username) the module will assume a local user or group.
cheese: group.present: - gid: 7648 - system: True - addusers: - user1 - users2 - delusers: - foo cheese: group.present: - gid: 7648 - system: True - members: - foo - bar - user1 - user2
Ensure that the named group is absent
name (str) -- The name of the group to remove
# Removes the local group `db_admin` db_admin: group.absent
present(name, gid=None, system=False, addusers=None, delusers=None, members=None)¶
Ensure that a group is present
name (str) -- The name of the group to manage
gid (str) -- The group id to assign to the named group; if left empty, then the next available group id will be assigned. Ignored on Windows
system (bool) -- Whether or not the named group is a system group. This is essentially the '-r' option of 'groupadd'. Ignored on Windows
addusers (list) -- List of additional users to be added as a group members. Cannot conflict with names in delusers. Cannot be used in conjunction with members.
delusers (list) -- Ensure these user are removed from the group membership. Cannot conflict with names in addusers. Cannot be used in conjunction with members.
members (list) -- Replace existing group members with a list of new members. Cannot be used in conjunction with addusers or delusers.
# Adds DOMAIN\db_admins and Administrators to the local db_admin group # Removes Users db_admin: group.present: - addusers: - DOMAIN\db_admins - Administrators - delusers: - Users # Ensures only DOMAIN\domain_admins and the local Administrator are # members of the local Administrators group. All other users are # removed Administrators: group.present: - members: - DOMAIN\domain_admins - Administrator