chsec – Modify AIX stanza files

Synopsis

Modify stanza attributes to AIX config files using the chsec command.

Requirements

The below requirements are needed on the host that executes this module.

  • AIX

  • Python >= 2.7

  • Privileged user with authorizations

Parameters

file (True, path, None)

File path to the stanza file.

stanza (True, str, None)

Name of stanza to modify attributes of

attrs (True, raw, None)

A dict of key/value pairs to be changed

If the value is true/false, ensure to quote it to avoid bool interpretation.

state (optional, str, present)

If set to present all given attrs values will be set.

If set to absent all attrs provided will be un-set, regardless of value provided. - NB, this does not remove the entire stanza, only the provided attrs will be removed. - To remove a single attribute from the stanza set to present and set key to an empty value (key=).

All rules/allowed file-stanza combos/allowed files for the AIX chsec command apply here.

See Also

See also

The chsec manual page from the IBM Knowledge Center

Changes the attributes in the security stanza files.

The lssec manual page from the IBM Knowledge Center

Lists attributes in the security stanza files.

Examples

- name: Add an LDAP user stanza
  chsec:
    file: /etc/security/user
    stanza: ldapuser
    attrs:
      SYSTEM: LDAP
      registry: LDAP
    state: present
- name: Change login times for user
  chsec:
    file: /etc/security/user
    stanza: ldapuser
    attrs:
      logintimes: :0800-1700
    state: present
- name: Remove registry attribute from stanza
  chsec:
    file: /etc/security/user
    stanza: ldapuser
    attrs:
      SYSTEM: LDAP
      registry: null
    state: present
- name: Lock System User Accounts
  chsec:
    path: /etc/security/user
    stanza: "{{ item }}"
    attrs:
      account_locked: "true"
      login: "false"
      rlogin: "false"
    state: present
  loop:
    - "adm"
    - "guest"
    - "invscout"
    - "ipsec"
    - "snapp"
    - "srvproxy"
    - "uucp"

Return Values

changed (always, bool, False)

Was this value changed

msg (always, str, Invalid parameter: install_list cannot be empty)

The execution message.

file (always, str, )

The file being modified

stanza (always, str, )

The stanza in file being modified

attrs (always, dict, )

For each attribute provided in the ‘attrs’ section, an entry (below) is returned

cmd (Only if attr requires change, str, )

Command that is run to update attr

stdout (only when cmd is run, str, )

The standard output of the command.

stderr (only when cmd is run, str, )

The standard error of the command.

rc (only when cmd is run, int, )

The command return code.

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • Christian Tremel (@flynn1973)

  • David Little (@d-little)

  • Stephen Ulmer (@stephenulmer)