Hi there, If I create a user, there seems to be no way to restrict it from being able to log in. Is there a simple way in which I can extend it to do that, or will I have to build my own define? It would also be useful to specify the user''s ssh keys and authorized keys, for example. I am also wondering how much effort it would be to add another provider for user (such as debian''s adduser as opposed to the useradd currently supported according to the docs). Thanks - Iwan
On Tue, Nov 20, 2007 at 03:05:34PM +0200, Iwan Vosloo wrote:> Hi there, > > If I create a user, there seems to be no way to restrict it from being > able to log in. Is there a simple way in which I can extend it to do > that, or will I have to build my own define?For systems which support it, setting the password value to ''!'' will prevent the account from logging in. On all systems you can also set the shell to /bin/false, although bear in mind this may still allow access to other services if you''ve set a password.> It would also be useful to specify the user''s ssh keys and authorized > keys, for example.You might want to take a look at the Authorized_keysRecipe on the wiki. I found it a bit over-engineered for my purposes, but there are useful bits you can take out of it even if you don''t use it all. -- Sam Bashton - Bashton Ltd, Manchester, England Linux Consultancy / VOIP Telephony / High Availability Systems www.bashton.com - 0161-424-9600 _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 20 November 2007, Iwan Vosloo wrote:> Hi there, > > If I create a user, there seems to be no way to restrict it from being > able to log in. Is there a simple way in which I can extend it to do > that, or will I have to build my own define? > > It would also be useful to specify the user''s ssh keys and authorized > keys, for example. > > I am also wondering how much effort it would be to add another provider > for user (such as debian''s adduser as opposed to the useradd currently > supported according to the docs).Not very much, look at lib/puppet/providers/user/ in the source. Things like ssh-keys or login restrictions are very platform dependant, while implementing it for a single distribution might be trivial, finding the right abstraction, supportable by most/all platforms, might not be. Patches welcome :) Regards, David - -- The primary freedom of open source is not the freedom from cost, but the free- dom to shape software to do what you want. This freedom is /never/ exercised without cost, but is available /at all/ only by accepting the very different costs associated with open source, costs not in money, but in time and effort. - -- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHQuTK/Pp1N6Uzh0URAkG3AJ9R4wZHUnXxtsocwmkkcjvYA33mMwCcCn2F QRfXYfdSW7dTwQqHddlaRyI=ty8d -----END PGP SIGNATURE-----