Kenneth Holter
2011-Nov-25 07:53 UTC
[Puppet Users] Host home directory from Puppetmaster if users exists
Hi all,

When our LDAP users log into a server for the first time, PAM creates their home directory. We use Puppet to define which groups of users (i.e. LDAP groups) may log into the server, by setting a parameter ldap_allowed_users in Puppet Dashboard for the specific server. Our ldap_allowed_users is a string that may contain multiple groups such as "linuxadmins oracleadmins networkadmins".

Now, what I'd like to get working is having Puppet host some of the users' home directory files such as .bash_profile. So for example if Puppet could start hosting those files for users that have access to the server that would be great. Puppet could either extract the user names based on the groups listed in ldap_allowed_users, or based on the existence of their home directories. The latter would cause a (small) delay from when a user logs in the first time until Puppet starts hosting the files, but I'm pretty sure our users would be ok with that.

So, does anyone have an idea as to how to get this kind of thing working?

Best regards,
Kenneth Holter
Richard Clark
2011-Nov-25 11:10 UTC
Re: [Puppet Users] Host home directory from Puppetmaster if users exists
On Fri, Nov 25, 2011 at 08:53:43AM +0100, Kenneth Holter wrote:
> Hi all,
>
> When our LDAP users log into a server for the first time, PAM creates
> their home directory. We use Puppet to define which groups of users
> (i.e. LDAP groups) may log into the server, by setting a
> parameter ldap_allowed_users in Puppet Dashboard for the specific
> server. Our ldap_allowed_users is a string that may contain multiple
> groups such as "linuxadmins oracleadmins networkadmins".
>
> Now, what I'd like to get working is having Puppet host some of the
> users' home directory files such as .bash_profile. So for example if
> Puppet could start hosting those files for users that have access to
> the server that would be great. Puppet could either extract the user
> names based on the groups listed in ldap_allowed_users, or based on
> the existence of their home directories. The latter would cause a
> (small) delay from when a user logs in the first time until Puppet
> starts hosting the files, but I'm pretty sure our users would be ok
> with that.
>
> So, does anyone have an idea as to how to get this kind of thing working?
>
> Best regards,
> Kenneth Holter

If it's just generic files and not user-specific:

Have Puppet manage those files in /etc/skel, the contents of which are used to populate new home directories created by pam_mkhomedir.

--
Richard Clark
richard@fohnet.co.uk
Kenneth Holter
2011-Nov-29 12:20 UTC
Re: [Puppet Users] Host home directory from Puppetmaster if users exists
Thanks for your reply. The files are user-specific, so the suggested approach will not work very well. But it's a neat solution for generic files.

Kenneth

On Fri, Nov 25, 2011 at 12:10 PM, Richard Clark <noc@fohnet.co.uk> wrote:
> On Fri, Nov 25, 2011 at 08:53:43AM +0100, Kenneth Holter wrote:
>> Hi all,
>>
>> When our LDAP users log into a server for the first time, PAM creates
>> their home directory. We use Puppet to define which groups of users
>> (i.e. LDAP groups) may log into the server, by setting a
>> parameter ldap_allowed_users in Puppet Dashboard for the specific
>> server. Our ldap_allowed_users is a string that may contain multiple
>> groups such as "linuxadmins oracleadmins networkadmins".
>>
>> Now, what I'd like to get working is having Puppet host some of the
>> users' home directory files such as .bash_profile. So for example if
>> Puppet could start hosting those files for users that have access to
>> the server that would be great. Puppet could either extract the user
>> names based on the groups listed in ldap_allowed_users, or based on
>> the existence of their home directories. The latter would cause a
>> (small) delay from when a user logs in the first time until Puppet
>> starts hosting the files, but I'm pretty sure our users would be ok
>> with that.
>>
>> So, does anyone have an idea as to how to get this kind of thing working?
>>
>> Best regards,
>> Kenneth Holter
>
> If it's just generic files and not user-specific:
>
> Have Puppet manage those files in /etc/skel, the contents of which are
> used to populate new home directories created by pam_mkhomedir.
>
> --
> Richard Clark
> richard@fohnet.co.uk
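For the user-specific case left open in the thread, the two selection rules from the first message (membership of the groups in ldap_allowed_users, and an already existing home directory) can be combined in Ruby, the language Puppet custom facts are written in. This is an added example, not code from any poster or from Puppet itself; `managed_homes`, the injectable lookups, the user-name pattern and all sample users, UIDs and paths are assumptions constructed for illustration.

```ruby
require 'etc'

# Assumed naming policy; the name later becomes part of a file path.
USERNAME_RE = /\A[a-z_][a-z0-9_.-]*\z/

# Real lookups go through NSS, which is where LDAP users and groups appear.
# Etc.getgrnam(...).mem lists supplementary group members only.
NSS = {
  members: ->(group) { Etc.getgrnam(group).mem rescue [] },
  passwd:  ->(user)  { Etc.getpwnam(user) rescue nil },
  lstat:   ->(path)  { File.lstat(path) rescue nil }
}.freeze

# Map user => home for members of the groups in ldap_allowed_users whose
# home directory already exists (e.g. created by pam_mkhomedir at first login).
def managed_homes(ldap_allowed_users, lookups = NSS)
  users = ldap_allowed_users.to_s.split.flat_map { |g| lookups[:members].call(g) }
  users.uniq.sort.each_with_object({}) do |user, homes|
    next unless user.match?(USERNAME_RE)
    pw = lookups[:passwd].call(user)
    next if pw.nil?
    st = lookups[:lstat].call(pw.dir) # lstat: a symlinked home is not followed
    next unless st && st.directory? && st.uid == pw.uid
    homes[user] = pw.dir
  end
end

# Constructed sample data standing in for LDAP/NSS and the filesystem.
Pw = Struct.new(:dir, :uid)
St = Struct.new(:uid, :is_dir) { def directory?; is_dir; end }
SAMPLE_GROUPS = { 'linuxadmins' => %w[alice bob], 'oracleadmins' => %w[bob carol] }.freeze
SAMPLE_PASSWD = {
  'alice' => Pw.new('/home/alice', 2001),
  'bob'   => Pw.new('/home/bob', 2002),
  'carol' => Pw.new('/home/carol', 2003)
}.freeze
SAMPLE_FS = {
  '/home/alice' => St.new(2001, true),  # logged in once, home exists
  '/home/carol' => St.new(2003, false)  # path is a symlink, not a directory
}.freeze                                # bob has never logged in: no entry
SAMPLE = {
  members: ->(g) { SAMPLE_GROUPS.fetch(g, []) },
  passwd:  ->(u) { SAMPLE_PASSWD[u] },
  lstat:   ->(p) { SAMPLE_FS[p] }
}.freeze

puts managed_homes('linuxadmins oracleadmins networkadmins', SAMPLE).inspect
```

The ownership and symlink checks matter because the Puppet agent normally runs as root and would be writing into a directory the user controls.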