On Jul 5, 2007, at 9:17 AM, Brent Clements wrote:
> Please disregard my question about puppet user disablement
> functionality.
>
> Here is what I have so far. Can someone tell me if the syntax and
> constructs look correct?
>
> The goal. I want to have a function that disables a user. For each
> user listed, if the user is present, then disable that user.
>
> Here is my class file. /etc/puppet/classes/users.pp
>
> class users {
>
> define disableuser($user) { exec { "passwd -l $user":} }
>
> user {"lp": ensure => ? present { disableuser("lp"}
}
>
> }
You''re going to want your definition to use $name instead of an
argument, and it needs to be idempotent:
define disableuser() {
exec { "/usr/bin/passwd -l $name": unless =>
"/usr/bin/passwd -S
$name | grep ''$name L''" }
}
This way the user will only get locked if it is not already locked.
Really, though, it shouldn''t be that hard to add
''locked'' as a valid
value to ''ensure'', so you could just do:
user { whomever: ensure => locked }
If you can send me a patch that retrieves that current lock state and
sets it (e.g., ''locked?'' and ''lock'' methods)
on the provider, then I
can incorporate them into the type. Tests would be needed, too.
--
You don''t learn anything the second time you''re kicked by a
mule.
-- Anonymous Texan
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com