On 02/05/2012 07:37 PM, [email protected] wrote:
> Forum: CFEngine Help
> Subject: Re: CFEngine Help: Editing /etc/shadow file using variables
> Author: josephvj
> Link to topic: https://cfengine.com/forum/read.php?3,24725,24726#msg-24726
Joseph,

I don't think this is doing what you expect.

It looks like you are only using set_user_field. If you look at it in
the standard library it just sets a field on a matched user. If it does
not match a line I don't believe it will have anything to set. I suspect
you need an insert lines promise if the user isn't already in the shadow
file.

In my local user management bundle I use a replace_or_add edit_line
promise to initialize the shadow file. Once the entry is there you could
use the set_user_field.

This may seem undesirable initially but consider the situation where you
only want to set a user field if the user exists, you don't want to
add a line and set the field.

User existence means they are found in /etc/passwd, but that does not
necessarily correspond with an entry in /etc/shadow.

Take a look at this bundle for some ideas.
--
Nick Anderson <[email protected]>
body common control
{
    bundlesequence => { "main" };
    inputs => {
        "cfengine_stdlib.cf",
    };
    version => "Community Promises.cf 1.0.0";
}

bundle agent main {
    vars:
        # One array entry per user, keyed on username.
        "users[testuser][gecos]"      string => "My Test User";
        "users[testuser][uid]"        string => "1500";
        "users[testuser][gid]"        string => "1500";
        "users[testuser][home]"       string => "/tmp/testuserhome";
        "users[testuser][shell]"      string => "/sbin/nologin";
        "users[testuser][passwdhash]" string => "$1$w13jhaQh$2GXP4x9yghxD/rj40EjZE/";

    methods:
        "any" usebundle => local_user_add("main.users");
}

bundle agent local_user_add (user) {
    # Expects to be passed an array keyed on username, the following fields are
    # required.
    # gecos, uid, gid, home, shell, passwdhash
    # Dependencies: replace_or_add from copbl svn 105 or greater, perl
    vars:
        linux::
            "skel"       string => "/etc/skel/";
            # Files under /tmp here, not the live files in /etc.
            "pwfile"     string => "/tmp/passwd";
            "shadowfile" string => "/tmp/shadow";
            "groupfile"  string => "/tmp/group";

            "userlist" slist => getindices("$(user)");

            # Full passwd line for each user.
            "pwentry[$(userlist)]" string =>
                "$(userlist):x:$($(user)[$(userlist)][uid]):$($(user)[$(userlist)][gid]):$($(user)[$(userlist)][gecos]):$($(user)[$(userlist)][home]):$($(user)[$(userlist)][shell])";

            # Date of last password change, the third shadow field.
            "days_since_epoch" string =>
                execresult("/usr/bin/perl -le 'print int time/(60*60*24)'", "noshell");

            # Full shadow line for each user.
            "shadowentry[$(userlist)]" string =>
                "$(userlist):$($(user)[$(userlist)][passwdhash]):$(days_since_epoch):0:99999:7:::";

    classes:
        # Defined only for users that do not exist yet.
        "add_$(userlist)" not => userexists("$(userlist)");

    files:
        linux::
            "$(pwfile)"
                comment    => "Ensure user exists",
                edit_line  => replace_or_add("$(userlist):.*", "$(pwentry[$(userlist)])"),
                ifvarclass => "add_$(userlist)";

            "$(shadowfile)"
                comment    => "Ensure user has password entry",
                edit_line  => replace_or_add("$(userlist):.*", "$(shadowentry[$(userlist)])"),
                ifvarclass => "add_$(userlist)";

            "$($(user)[$(userlist)][home])/."
                comment    => "Make sure users home directory exists",
                create     => "true",
                perms      => mog("755", "$($(user)[$(userlist)][uid])", "$($(user)[$(userlist)][gid])"),
                classes    => if_repaired("seed_home"),
                ifvarclass => "add_$(userlist)";

            "$($(user)[$(userlist)][home])/."
                comment      => "Seed home directory with skel, but only when we create the home directory the user should have the choice to remove the seeded files",
                depth_search => recurse("inf"),
                copy_from    => seed_cp("$(local_user_add.skel)"),
                perms        => og("$($(user)[$(userlist)][uid])", "$($(user)[$(userlist)][gid])"),
                ifvarclass   => "seed_home";
}
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
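
Added example, not part of the message above or of the CFEngine standard library: a shell check for the mismatch the reply describes, where an account is listed in the passwd file but has no line in the shadow file (so a field edit has nothing to match), plus the reverse case. The function names shadow_gaps and demo and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# shadow_gaps PASSWD_FILE SHADOW_FILE
# Prints one sorted line per finding:
#   missing-shadow <user>   account in passwd with no shadow line
#   orphan-shadow <user>    shadow line with no passwd account
shadow_gaps() {
    awk -F: '
        # Skip blank lines and comments in either file.
        $1 == "" || $1 ~ /^#/ { next }
        # First file (passwd): remember every account name.
        FILENAME == ARGV[1] { pw[$1] = 1; next }
        # Second file (shadow): remember names and flag orphans.
        { sh[$1] = 1; if (!($1 in pw)) print "orphan-shadow " $1 }
        END { for (u in pw) if (!(u in sh)) print "missing-shadow " u }
    ' "$1" "$2" | sort
}

# Constructed sample data: testuser (the account from the post) is in
# passwd only, and olduser is left behind in shadow only.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/sh' \
        'testuser:x:1500:1500:My Test User:/tmp/testuserhome:/sbin/nologin' \
        > "$d/passwd"
    printf '%s\n' \
        'root:*:15375:0:99999:7:::' \
        'olduser:!:15000:0:99999:7:::' \
        > "$d/shadow"
    shadow_gaps "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

# Run against real files when two paths are given, e.g.
#   sh shadow_gaps.sh /etc/passwd /etc/shadow   (reading shadow needs root)
if [ "$#" -eq 2 ]; then
    shadow_gaps "$1" "$2"
fi
```

Any missing-shadow line is an account for which a field edit on the shadow file would find no matching line.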