On 01/19/2012 08:21 AM, no-re...@cfengine.com wrote:
> Forum: CFEngine Help
> Subject: User Management
> Author: josephvj
> Link to topic: https://cfengine.com/forum/read.php?3,24588,24588#msg-24588
>
> Hi,
>
> I'm new to this platform. I wonder if it's possible to write a script for
> checking users and create them if not. A simple basic script is as below, no
> idea in passing to the next step. It would be great if anyone could help to
> solve it.

Hello Joseph, welcome.

It is absolutely possible to write policy that promises to create users if they don't exist. The question becomes how do you want to do this? You can use commands to spawn the useradd and groupadd commands, or you can use line editing to modify /etc/passwd, /etc/group, and /etc/shadow directly.

There are a few different examples in the solutions guide found at http://cfengine.com/manuals/cf3-solutions.html#Add-users. Personally I am not a big fan of the specific examples in the solutions guide, but it does give you a few ideas.

Diego has a pretty nice bundle that uses the useradd model and you define your users in an array. You can see it and how to use it here: https://cfengine.com/forum/read.php?3,20392,20419#msg-20419.

I would like to see a pure file edit implementation that uses the same style of user definition that Diego uses. I have one that comes close, but I had to use a commands promise to get the days since epoch, so I still end up spawning a process. Here it is just as another example. And if anyone has any suggestions how to get days since epoch without a commands promise, that would be great.

--
Nick Anderson <n...@cmdln.org>

body common control
{
  bundlesequence => { "main" };
  inputs => { "cfengine_stdlib.cf", };
  version => "Community Promises.cf 1.0.0";
}

bundle agent main
{
  vars:
    "users[testuser][gecos]"      string => "My Test User";
    "users[testuser][uid]"        string => "1500";
    "users[testuser][gid]"        string => "1500";
    "users[testuser][home]"       string => "/tmp/testuserhome";
    "users[testuser][shell]"      string => "/sbin/nologin";
    "users[testuser][passwdhash]" string => "$1$w13jhaQh$2GXP4x9yghxD/rj40EjZE/";

  methods:
    "any" usebundle => local_user_add("main.users");
}

bundle agent local_user_add (user)
{
  # Expects to be passed an array keyed on username, the following fields are
  # required.
  # gecos, uid, gid, home, shell, passwdhash
  # Dependencies: replace_or_add from copbl svn 105 or greater, perl

  vars:
    linux::
      "skel"       string => "/etc/skel/";
      "pwfile"     string => "/tmp/passwd";
      "shadowfile" string => "/tmp/shadow";
      "groupfile"  string => "/tmp/group";

      "userlist" slist => getindices("$(user)");

      "pwentry[$(userlist)]"
        string => "$(userlist):x:$($(user)[$(userlist)][uid]):$($(user)[$(userlist)][gid]):$($(user)[$(userlist)][gecos]):$($(user)[$(userlist)][home]):$($(user)[$(userlist)][shell])";

      "days_since_epoch"
        string => execresult("/usr/bin/perl -le 'print int time/(60*60*24)'", "noshell");

      "shadowentry[$(userlist)]"
        string => "$(userlist):$($(user)[$(userlist)][passwdhash]):$(days_since_epoch):0:99999:7:::";

  classes:
      "add_$(userlist)" not => userexists("$(userlist)");

  files:
    linux::
      "$(pwfile)"
        comment    => "Ensure user exists",
        edit_line  => replace_or_add("$(userlist):.*", "$(pwentry[$(userlist)])"),
        ifvarclass => "add_$(userlist)";

      "$(shadowfile)"
        comment    => "Ensure user has password entry",
        edit_line  => replace_or_add("$(userlist):.*", "$(shadowentry[$(userlist)])"),
        ifvarclass => "add_$(userlist)";

      "$($(user)[$(userlist)][home])/."
        comment    => "Make sure users home directory exists",
        create     => "true",
        perms      => mog("755", "$($(user)[$(userlist)][uid])", "$($(user)[$(userlist)][gid])"),
        classes    => if_repaired("seed_home"),
        ifvarclass => "add_$(userlist)";

      "$($(user)[$(userlist)][home])/."
        comment      => "Seed home directory with skel, but only when we create the home directory; the user should have the choice to remove the seeded files",
        depth_search => recurse("inf"),
        copy_from    => seed_cp("$(local_user_add.skel)"),
        perms        => og("$($(user)[$(userlist)][uid])", "$($(user)[$(userlist)][gid])"),
        ifvarclass   => "seed_home";
}

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
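
An added example, not part of the original thread and not Nick's or the CFEngine project's code: when passwd and shadow lines are assembled from variables, as local_user_add does, a colon or newline in any field shifts fields or creates an extra record, so the values should be validated before the files are edited. The Python below builds the same two line layouts after validation; the function names and the username pattern are assumptions made for this illustration.

```python
import re
import time

# Constructed sample mirroring the users[] array in the policy above.
USERS = {"testuser": {
    "gecos": "My Test User", "uid": "1500", "gid": "1500",
    "home": "/tmp/testuserhome", "shell": "/sbin/nologin",
    "passwdhash": "$1$w13jhaQh$2GXP4x9yghxD/rj40EjZE/",
}}

REQUIRED = ("gecos", "uid", "gid", "home", "shell", "passwdhash")
# Assumption: a conservative username pattern; adjust to local naming rules.
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def days_since_epoch(now=None):
    """Whole days since 1970-01-01 UTC, the value the perl one-liner prints."""
    return int((time.time() if now is None else now) // 86400)


def validate_user(name, fields):
    """Return the problems that would corrupt passwd/shadow if written as-is."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("invalid username")
    for key in REQUIRED:
        value = fields.get(key)
        if value is None:
            problems.append(f"missing field: {key}")
        elif ":" in value or "\n" in value or "\r" in value:
            # A colon shifts every later field; a newline starts a new record.
            problems.append(f"separator or newline in {key}")
    for key in ("uid", "gid"):
        if key in fields and not (fields[key].isascii() and fields[key].isdigit()):
            problems.append(f"{key} is not numeric")
    return problems


def build_entries(name, fields, now=None):
    """Build passwd and shadow lines in the layout local_user_add uses."""
    problems = validate_user(name, fields)
    if problems:
        raise ValueError(f"{name}: " + "; ".join(problems))
    pw = ":".join([name, "x", fields["uid"], fields["gid"],
                   fields["gecos"], fields["home"], fields["shell"]])
    shadow = ":".join([name, fields["passwdhash"], str(days_since_epoch(now)),
                       "0", "99999", "7", "", "", ""])
    return pw, shadow
```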