VinceT
2011-Mar-14 21:51 UTC
[Puppet Users] managing netgroups in /etc/passwd user resources?
Hi,

I'd like to maintain netgroup entries in the /etc/passwd, /etc/shadow files to allow all unix admins login access and default setup nologin for every non-authorized user.

+@unixoperators:x:::::
+:x:::::/opt/script/nologin

I saw a thread about this online, but not a definitive resolution - not sure if the user resource type is the right way to implement this currently or to try to handle via file resources....

Vince

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Vince Taluskie
2011-Mar-16 21:27 UTC
[Puppet Users] Re: managing netgroups in /etc/passwd user resources?
To answer my question: I looked around in the archives further on this
question and someone suggested to use augeas (which doesn't seem to
have a passwd file lens) or concat option. I ended up writing a
script to idempotently add entries if they were missing as an exec
resource - which works for us. There are a number of shops that want
to use netgroup syntax; it's a pity the native OS commands don't appear
to support that syntax, otherwise this would be easier...

Vince

<snippet below>
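class passwd {
  # File["/opt/script/puppet/ensure_pw_present.pl"] is declared outside this snippet.

  # Catch-all compat entry: everyone not matched earlier gets the nologin shell.
  exec { "/opt/script/puppet/ensure_pw_present.pl +:x:::::/opt/script/nologin":
    path    => "/usr/bin:/bin",
    command => "perl /opt/script/puppet/ensure_pw_present.pl +:x:::::/opt/script/nologin",
    require => File["/opt/script/puppet/ensure_pw_present.pl"],
    # "onlyif grep -v" succeeds whenever any other line exists, so it never
    # skipped the exec; skip only when the exact line is already present.
    unless  => "grep -Fx +:x:::::/opt/script/nologin /etc/passwd",
    user    => root,
  }

  # Netgroup entry for the unix admins; applied before the catch-all entry.
  exec { "/opt/script/puppet/ensure_pw_present.pl +@unixoperators:x:::::":
    path    => "/usr/bin:/bin",
    command => "perl /opt/script/puppet/ensure_pw_present.pl +@unixoperators:x:::::",
    require => File["/opt/script/puppet/ensure_pw_present.pl"],
    unless  => "grep -Fx +@unixoperators:x::::: /etc/passwd",
    user    => root,
    before  => Exec["/opt/script/puppet/ensure_pw_present.pl +:x:::::/opt/script/nologin"],
  }
}
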
On Mar 14, 3:51 pm, VinceT <vgtalus...@gmail.com> wrote:
> Hi,
>
> I'd like to maintain netgroup entries in the /etc/passwd, /etc/shadow
> files to allow all unix admins login access and default setup nologin
> for every non-authorized user.
>
> +@unixoperators:x:::::
> +:x:::::/opt/script/nologin
>
> I saw a thread about this online, but not a definitive resolution -
> not sure if the user resource type is the right way to implement this
> currently or to try to handle via file resources....
>
> Vince
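
The thread does not include ensure_pw_present.pl itself. As an added example (not the poster's script, and in Python rather than Perl), this is one way to write the idempotent "add the line if missing" step. The function name `ensure_compat_entry` is hypothetical, and it assumes the catch-all `+:` line must stay after every `+@netgroup` line, which is the ordering the `before =>` in the manifest enforces.

```python
import os
import tempfile

def ensure_compat_entry(path, entry):
    """Add a compat-mode '+' entry to a passwd-format file if it is missing.

    Returns True when the file was changed, False when it was already correct.
    """
    # Accept only single-line '+' entries with the seven passwd fields.
    if not entry.startswith("+") or "\n" in entry or entry.count(":") != 6:
        raise ValueError("not a compat passwd entry: %r" % entry)
    with open(path) as fh:
        lines = fh.read().splitlines()
    if entry in lines:                  # exact whole-line match: nothing to do
        return False
    # Assumption: the catch-all '+:' line stays after every '+@netgroup' line,
    # so a netgroup entry is inserted in front of an existing catch-all.
    pos = len(lines)
    if not entry.startswith("+:"):
        pos = next((i for i, l in enumerate(lines) if l.startswith("+:")), pos)
    lines.insert(pos, entry)
    # Write a sibling temp file and rename it over the original so a reader
    # never sees a half-written passwd file; keep the original mode bits.
    mode = os.stat(path).st_mode & 0o7777
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("\n".join(lines) + "\n")
        os.chmod(tmp, mode)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True

def demo():
    """Run against a constructed file, never the real /etc/passwd."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "passwd")
        with open(path, "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")  # constructed sample
        first = ensure_compat_entry(path, "+:x:::::/opt/script/nologin")
        second = ensure_compat_entry(path, "+@unixoperators:x:::::")
        again = ensure_compat_entry(path, "+@unixoperators:x:::::")
        with open(path) as fh:
            return first, second, again, fh.read().splitlines()

if __name__ == "__main__":
    print(demo())
```

Because the function reports whether it changed anything and places netgroup lines ahead of the catch-all on its own, the result does not depend on the order in which the two entries are applied.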