I have a requirement to manage membership to groups in /etc/group. These members do not need to be virtual users. I don''t see a way to do this through virtual users @group. How are others doing this? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Christopher Wood
2011-Oct-17 22:18 UTC
Re: [Puppet Users] Managing entries in /etc/group (membership)
The user type allows you to specify supplemental groups (see the groups parameter). Is that what you were looking for? http://docs.puppetlabs.com/references/stable/type.html#user On Mon, Oct 17, 2011 at 03:04:26PM -0700, Forrie wrote:> I have a requirement to manage membership to groups in /etc/group. > These members do not need to be virtual users. I don''t see a way to > do this through virtual users @group. How are others doing this? > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Forrie
2011-Oct-17 22:48 UTC
[Puppet Users] Re: Managing entries in /etc/group (membership)
I want to manage the membership of the /etc/group entry -- this is just until we get things moved into LDAP -- so there aren''t any virtual users to be connected with it. I had thought there was a function to work with this, I could be mistaken. On Oct 17, 6:18 pm, Christopher Wood <christopher_w...@pobox.com> wrote:> The user type allows you to specify supplemental groups (see the groups parameter). Is that what you were looking for? > > http://docs.puppetlabs.com/references/stable/type.html#user > > > > > > > > On Mon, Oct 17, 2011 at 03:04:26PM -0700, Forrie wrote: > > I have a requirement to manage membership to groups in /etc/group. > > These members do not need to be virtual users. I don''t see a way to > > do this through virtual users @group. How are others doing this? > > > -- > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Christopher Wood
2011-Oct-17 22:50 UTC
Re: [Puppet Users] Re: Managing entries in /etc/group (membership)
If you''re using ldap, why not handle groups there? On Mon, Oct 17, 2011 at 03:48:33PM -0700, Forrie wrote:> I want to manage the membership of the /etc/group entry -- this is > just until we get things moved into LDAP -- so there aren''t any > virtual users to be connected with it. I had thought there was a > function to work with this, I could be mistaken. > > > > On Oct 17, 6:18 pm, Christopher Wood <christopher_w...@pobox.com> > wrote: > > The user type allows you to specify supplemental groups (see the groups parameter). Is that what you were looking for? > > > > http://docs.puppetlabs.com/references/stable/type.html#user > > > > > > > > > > > > > > > > On Mon, Oct 17, 2011 at 03:04:26PM -0700, Forrie wrote: > > > I have a requirement to manage membership to groups in /etc/group. > > > These members do not need to be virtual users. I don''t see a way to > > > do this through virtual users @group. How are others doing this? > > > > > -- > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > To post to this group, send email to puppet-users@googlegroups.com. > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Forrie
2011-Oct-17 22:54 UTC
[Puppet Users] Re: Managing entries in /etc/group (membership)
We aren''t using LDAP yet... On Oct 17, 6:50 pm, Christopher Wood <christopher_w...@pobox.com> wrote:> If you''re using ldap, why not handle groups there? > > > > > > > > On Mon, Oct 17, 2011 at 03:48:33PM -0700, Forrie wrote: > > I want to manage the membership of the /etc/group entry -- this is > > just until we get things moved into LDAP -- so there aren''t any > > virtual users to be connected with it. I had thought there was a > > function to work with this, I could be mistaken. > > > On Oct 17, 6:18 pm, Christopher Wood <christopher_w...@pobox.com> > > wrote: > > > The user type allows you to specify supplemental groups (see the groups parameter). Is that what you were looking for? > > > >http://docs.puppetlabs.com/references/stable/type.html#user > > > > On Mon, Oct 17, 2011 at 03:04:26PM -0700, Forrie wrote: > > > > I have a requirement to manage membership to groups in /etc/group. > > > > These members do not need to be virtual users. I don''t see a way to > > > > do this through virtual users @group. How are others doing this? > > > > > -- > > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > > To post to this group, send email to puppet-users@googlegroups.com. > > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Christopher Wood
2011-Oct-18 01:14 UTC
Re: [Puppet Users] Re: Managing entries in /etc/group (membership)
Perhaps I misunderstand your situation, but it seems to me that: 1) local users now response: puppetize user/group handling via manifests 2) ldap users in future response: move user/group handling to ldap when you start using ldap What is your situation? On Mon, Oct 17, 2011 at 06:50:17PM -0400, Christopher Wood wrote:> If you''re using ldap, why not handle groups there? > > On Mon, Oct 17, 2011 at 03:48:33PM -0700, Forrie wrote: > > I want to manage the membership of the /etc/group entry -- this is > > just until we get things moved into LDAP -- so there aren''t any > > virtual users to be connected with it. I had thought there was a > > function to work with this, I could be mistaken. > > > > > > > > On Oct 17, 6:18 pm, Christopher Wood <christopher_w...@pobox.com> > > wrote: > > > The user type allows you to specify supplemental groups (see the groups parameter). Is that what you were looking for? > > > > > > http://docs.puppetlabs.com/references/stable/type.html#user > > > > > > > > > > > > > > > > > > > > > > > > On Mon, Oct 17, 2011 at 03:04:26PM -0700, Forrie wrote: > > > > I have a requirement to manage membership to groups in /etc/group. > > > > These members do not need to be virtual users. I don''t see a way to > > > > do this through virtual users @group. How are others doing this? > > > > > > > -- > > > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > > > To post to this group, send email to puppet-users@googlegroups.com. > > > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. > > > > -- > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Luke Bigum
2011-Oct-18 08:27 UTC
[Puppet Users] Re: Managing entries in /etc/group (membership)
If I understand your problem correctly, no, there is no native
resource type in Puppet to manage a UNIX group, ie: this does not
exist:
group { "wheel":
members => "luke",
}
To manage group membership you need to know about every user you want
in every group. So if what you mean by "not having virtual users"
means you don''t currently have any native User resources in Puppet
then you''d need to create them. They don''t need to be virtual:
user { ''luke'':
ensure => ''present'',
groups => [''wheel'', ''audio'',
''mock''],
}
The other option is you use augeas to manage user entries, the example
below adds a user to a group:
augtool> print /files/etc/group/wheel
/files/etc/group/wheel
/files/etc/group/wheel/password = "x"
/files/etc/group/wheel/gid = "10"
/files/etc/group/wheel/user[1] = "root"
/files/etc/group/wheel/user[2] = "support"
/files/etc/group/wheel/user[3] = "biguml"
augtool> set /files/etc/group/wheel/user[last()+1] "woof"
augtool> print /files/etc/group/wheel
/files/etc/group/wheel
/files/etc/group/wheel/password = "x"
/files/etc/group/wheel/gid = "10"
/files/etc/group/wheel/user[1] = "root"
/files/etc/group/wheel/user[2] = "support"
/files/etc/group/wheel/user[3] = "biguml"
/files/etc/group/wheel/user[3] = "woof"
To do that in a Puppet resource you''d do this:
augeas { "woof_in_wheel_group":
changes => [ ''set /files/etc/group/wheel/user[last()+1]
woof'', ],
onlyif => "/bin/grep wheel /etc/group | /bin/grep woof",
}
You could easily turn that into a custom define to reuse it easily.
Hope that helps,
-Luke
On Oct 17, 11:48 pm, Forrie <for...@gmail.com>
wrote:> I want to manage the membership of the /etc/group entry -- this is
> just until we get things moved into LDAP -- so there aren''t any
> virtual users to be connected with it. I had thought there was a
> function to work with this, I could be mistaken.
>
> On Oct 17, 6:18 pm, Christopher Wood <christopher_w...@pobox.com>
> wrote:
>
>
>
>
>
>
>
> > The user type allows you to specify supplemental groups (see the
groups parameter). Is that what you were looking for?
>
> >http://docs.puppetlabs.com/references/stable/type.html#user
>
> > On Mon, Oct 17, 2011 at 03:04:26PM -0700, Forrie wrote:
> > > I have a requirement to manage membership to groups in
/etc/group.
> > > These members do not need to be virtual users. I don''t
see a way to
> > > do this through virtual users @group. How are others doing
this?
>
> > > --
> > > You received this message because you are subscribed to the
Google Groups "Puppet Users" group.
> > > To post to this group, send email to
puppet-users@googlegroups.com.
> > > To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> > > For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.