inspec/docs/resources/users.md.erb

---
title: About the users Resource
platform: os
---

# users

Use the `users` Chef InSpec audit resource to look up all local users available on the system, and then test specific properties of those users. This resource does not return information about users that may be located on other systems, such as LDAP or Active Directory.

<br>

## Availability

### Installation

This resource is distributed along with Chef InSpec itself. You can use it automatically.

### Version

This resource first became available in v1.0.0 of InSpec.

## Syntax

A `users` resource block declares a user name, and then one (or more) matchers:

    describe users.where(uid: 0).entries do
      it { should eq ['root'] }
      its('uids') { should eq [1234] }
      its('gids') { should eq [1234] }
    end

where

* `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, and `warndays` are valid matchers for this resource
* `where(uid: 0).entries` represents a filter that runs the test only against matching users

For example:

    describe users.where { username =~ /.*/ } do
      it { should exist }
    end

or:

    describe users.where { uid =~ /^S-1-5-[0-9-]+-501$/ } do
      it { should exist }
    end

<br>

## Examples

The following examples show how to use this Chef InSpec audit resource.

### Use a regular expression to find users

    describe users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-500/ } do
      it { should exist }
    end

<br>

## Matchers

For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

### exist

The `exist` matcher tests if the named user exists:

    it { should exist }

### gid

The `gid` matcher tests the group identifier:

    its('gid') { should eq 1234 } }

where `1234` represents the user identifier.

### group

The `group` matcher tests the group to which the user belongs:

    its('group') { should eq 'root' }

where `root` represents the group.

### groups

The `groups` matcher tests two (or more) groups to which the user belongs:

    its('groups') { should eq ['root', 'other']}

### home

The `home` matcher tests the home directory path for the user:

    its('home') { should eq '/root' }

### maxdays

The `maxdays` matcher tests the maximum number of days between password changes:

    its('maxdays') { should eq 99 }

where `99` represents the maximum number of days.

### mindays

The `mindays` matcher tests the minimum number of days between password changes:

    its('mindays') { should eq 0 }

where `0` represents the maximum number of days.

### shell

The `shell` matcher tests the path to the default shell for the user:

    its('shells') { should eq ['/bin/bash'] }

### uid

The `uid` matcher tests the user identifier:

    its('uid') { should eq 1234 } }

where `1234` represents the user identifier.

### warndays

The `warndays` matcher tests the number of days a user is warned before a password must be changed:

    its('warndays') { should eq 5 }

where `5` represents the number of days a user is warned.
add all partials for resources 2016-09-22 12:43:57 +00:00			`---`
			`title: About the users Resource`
Add `platform` tags and remove trailing whitespace (#2654) Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com> 2018-02-16 00:28:15 +00:00			`platform: os`
add all partials for resources 2016-09-22 12:43:57 +00:00			`---`

			`# users`

Update software name from InSpec to Chef Inspec Signed-off-by: IanMadd <maddaus@protonmail.com> 2019-04-26 18:24:29 +00:00			Use the `users` Chef InSpec audit resource to look up all local users available on the system, and then test specific properties of those users. This resource does not return information about users that may be located on other systems, such as LDAP or Active Directory.
add all partials for resources 2016-09-22 12:43:57 +00:00
Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`<br>`

Clean injection of Availability section (#3206) Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2018-08-09 12:34:49 +00:00			`## Availability`

			`### Installation`

Update software name from InSpec to Chef Inspec Signed-off-by: IanMadd <maddaus@protonmail.com> 2019-04-26 18:24:29 +00:00			`This resource is distributed along with Chef InSpec itself. You can use it automatically.`
Clean injection of Availability section (#3206) Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> 2018-08-09 12:34:49 +00:00
			`### Version`

			`This resource first became available in v1.0.0 of InSpec.`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`## Syntax`
add all partials for resources 2016-09-22 12:43:57 +00:00
			A `users` resource block declares a user name, and then one (or more) matchers:

			`describe users.where(uid: 0).entries do`
			`it { should eq ['root'] }`
			`its('uids') { should eq [1234] }`
			`its('gids') { should eq [1234] }`
			`end`

			`where`

			* `gid`, `group`, `groups`, `home`, `maxdays`, `mindays`, `shell`, `uid`, and `warndays` are valid matchers for this resource
			* `where(uid: 0).entries` represents a filter that runs the test only against matching users

			`For example:`

			`describe users.where { username =~ /.*/ } do`
			`it { should exist }`
			`end`

			`or:`

			`describe users.where { uid =~ /^S-1-5-[0-9-]+-501$/ } do`
			`it { should exist }`
			`end`

Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`<br>`
add all partials for resources 2016-09-22 12:43:57 +00:00
Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`## Examples`
add all partials for resources 2016-09-22 12:43:57 +00:00
Update software name from InSpec to Chef Inspec Signed-off-by: IanMadd <maddaus@protonmail.com> 2019-04-26 18:24:29 +00:00			`The following examples show how to use this Chef InSpec audit resource.`
add all partials for resources 2016-09-22 12:43:57 +00:00
Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`### Use a regular expression to find users`
add all partials for resources 2016-09-22 12:43:57 +00:00
Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`describe users.where { uid =~ /S\-1\-5\-21\-\d+\-\d+\-\d+\-500/ } do`
			`it { should exist }`
			`end`
add all partials for resources 2016-09-22 12:43:57 +00:00
Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`<br>`
add all partials for resources 2016-09-22 12:43:57 +00:00
Resource documentation update (#2207) Light formatting changes, change order of example and matchers, slight color changes Signed-off-by: hannah-radish <hmaddy@chef.io> 2017-10-03 21:35:10 +00:00			`## Matchers`
add all partials for resources 2016-09-22 12:43:57 +00:00
Add one comma in all docs & deletes two repeated sentences. (#2658) Signed-off-by: kagarmoe <kgarmoe@chef.io> 2018-02-16 03:07:18 +00:00			`For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).`
add all partials for resources 2016-09-22 12:43:57 +00:00
Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### exist`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `exist` matcher tests if the named user exists:

			`it { should exist }`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### gid`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `gid` matcher tests the group identifier:

			`its('gid') { should eq 1234 } }`

			where `1234` represents the user identifier.

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### group`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `group` matcher tests the group to which the user belongs:

			`its('group') { should eq 'root' }`

			where `root` represents the group.

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### groups`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `groups` matcher tests two (or more) groups to which the user belongs:

			`its('groups') { should eq ['root', 'other']}`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### home`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `home` matcher tests the home directory path for the user:

			`its('home') { should eq '/root' }`

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### maxdays`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `maxdays` matcher tests the maximum number of days between password changes:

			`its('maxdays') { should eq 99 }`

			where `99` represents the maximum number of days.

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### mindays`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `mindays` matcher tests the minimum number of days between password changes:

			`its('mindays') { should eq 0 }`

			where `0` represents the maximum number of days.

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### shell`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `shell` matcher tests the path to the default shell for the user:

Update Resource documentation for Users Resource (#2954) The `shell` matcher have to be `shells` and expects an array. Wrong: `its('shell') { should eq "/sbin/nologin" }` Got error: ``` × Users with username =~ /stockservice-./ shell undefined method 'shell' for Users with username =~ /stockservice-./:#<Class:0x000055c2471fa900> Did you mean? shells ``` Correct: its('shells') { should eq ["/sbin/nologin"] } I think it's an documentation mistake. ----------------------------------------- $ inspec --version 2.1.43 Signed-off-by: Axel Kummer <axel.kummer@netresearch.de> 2018-04-19 17:06:20 +00:00			`its('shells') { should eq ['/bin/bash'] }`
add all partials for resources 2016-09-22 12:43:57 +00:00
Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### uid`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `uid` matcher tests the user identifier:

			`its('uid') { should eq 1234 } }`

			where `1234` represents the user identifier.

Changing headings to align with SEO best practices Signed-off-by: David Wrede <dwrede@chef.io> 2016-09-27 19:03:23 +00:00			`### warndays`
add all partials for resources 2016-09-22 12:43:57 +00:00
			The `warndays` matcher tests the number of days a user is warned before a password must be changed:

			`its('warndays') { should eq 5 }`

			where `5` represents the number of days a user is warned.