Forum: CFEngine Help Subject: user management darwin / looping over 2dimensional array? Author: bernhard.gl...@ecologic.eu Link to topic: https://cfengine.com/forum/read.php?3,26204,26452#msg-26452
Hi Diego, hi all, back at desk I took a look at you proposed method and found it not working with OS X 10.7.4 Nevertheless I think I found "a clean way" to manage local user accounts in darwin/OS X 10.7.4 Now I just have a problem with looping over a list in an array that I pass as an argument - it just doesn't expand... The code below is working fine just the line "users[]" slist => { "", "" }; won't expand, while "foo" slist => {"one", "two"}; defined in the second bundle itself works fine... Where am I wrong?? TIA Bernhard P.S. to create the ShadowHashData and KereberosKeys files run defaults read / ShadowHashData > /server/shd_ (than the same for KereberosKeys) The username doesn't have to match, it can be any local account on any darwin/10.7.4 machine ------------------------------
#############################
# (c) 2012 bglomm
#
# eco_local_admins configuration
###

# Declares the settings for two local accounts (the paths below name
# "administrator" and "helpdesk") and passes the array's name to create_users.
# NOTE(review): in this copy every assignment targets the bare name "users";
# the array subscripts appear to have been lost when the post was rendered
# (the prose above refers to "users[]"). They cannot be recovered from this
# page, so the listing is not runnable as shown.
bundle agent eco_local_admins
{
vars:
  any::
    # Directory holding the per-account plist files of the local directory node.
    "pwbase" string => "/var/db/dslocal/nodes/Default/users";

    # --- first account (home /Users/administrator) ---
    "users" string => "local system administrator";
    "users" string => "510";
    "users" string => "20";
    "users" string => "/Users/administrator";
    "users" string => "/bin/bash";
    "users" string => "";
    # ShadowHashData and KerberosKeys are credential material (password hash /
    # Kerberos keys) for the account. Each is read twice: the live value from
    # the account's plist and a reference copy from $(sys.workdir). Both end up
    # as ordinary policy variables; "noshell" runs the command without a shell.
    # NOTE(review): confirm that agent output and reports on these hosts do not
    # capture variable values.
    "users" string => execresult("/usr/bin/defaults read $(pwbase)/administrator.plist ShadowHashData","noshell");
    "users" string => execresult("/bin/cat $(sys.workdir)/shd_administrator","noshell");
    "users" string => execresult("/usr/bin/defaults read $(pwbase)/administrator.plist KerberosKeys","noshell");
    "users" string => execresult("/bin/cat $(sys.workdir)/kk_administrator","noshell");
    # The slist form is the one the author reports as not expanding; a single
    # string is used instead.
    #"users" slist => { "admin", "wheel" };
    "users" string => "admin";

    # --- second account (home /Users/helpdesk), same layout as above ---
    "users" string => "helpdesk administrator";
    "users" string => "511";
    "users" string => "20";
    "users" string => "/Users/helpdesk";
    "users" string => "/bin/bash";
    "users" string => "";
    "users" string => execresult("/usr/bin/defaults read $(pwbase)/helpdesk.plist ShadowHashData","noshell");
    "users" string => execresult("/bin/cat $(sys.workdir)/shd_helpdesk","noshell");
    "users" string => execresult("/usr/bin/defaults read $(pwbase)/helpdesk.plist KerberosKeys","noshell");
    "users" string => execresult("/bin/cat $(sys.workdir)/kk_helpdesk","noshell");
    #"users" slist => { "admin", "wheel" };
    "users" string => "admin";

methods:
    # The array is passed by its qualified name, not by value; create_users
    # dereferences it with $(info).
    "users"
      comment => "create local admin user",
      usebundle => create_users("eco_local_admins.users");
}

#############

# Creates each account found in the array named by `info` when it does not yet
# exist, and rewrites ShadowHashData / KerberosKeys in the account's plist when
# the matching reset_* class is set.
#   info - qualified name of the array holding the account settings
bundle agent create_users(info)
{
vars:
    # Iteration list: the index names of the array named by `info`.
    "user" slist => getindices("$(info)");
    # Local test list, used only by the /tmp/foo promise below.
    "foo" slist => {"one", "two"};

classes:
    # add_<user> is set when the account does not exist yet.
    "add_$(user)" not => userexists("$(user)");
    # NOTE(review): as rendered, both strcmp() calls compare an expression with
    # itself, so "not" could never be true. Presumably the two arguments carried
    # different subscripts (live value vs. reference copy) that were lost in
    # this copy - confirm against the original post.
    "reset_shd_$(user)" not => strcmp("$($(info)[$(user)])","$($(info)[$(user)])");
    "reset_kk_$(user)" not => strcmp("$($(info)[$(user)])","$($(info)[$(user)])");

commands:
  # Class guard: these promises apply only where the class "rabelais" is set
  # (presumably the author's test host - confirm).
  rabelais::
    "/usr/bin/dscl"
      args => ". -create /Users/$(user)",
      ifvarclass => "add_$(user)",
      comment => "create $(user)";

    "/usr/bin/dscl"
      args => ". -create /Users/$(user) RealName $(user)",
      ifvarclass => "add_$(user)",
      comment => "create RealName for $(user)";

    "/usr/bin/dscl"
      args => ". -create /Users/$(user) UniqueID $($(info)[$(user)])",
      ifvarclass => "add_$(user)",
      comment => "set UniqueID $($(info)[$(user)]) for $(user)";

    "/usr/bin/dscl"
      args => ". -create /Users/$(user) PrimaryGroupID $($(info)[$(user)])",
      ifvarclass => "add_$(user)",
      comment => "set PrimaryGroupID $($(info)[$(user)]) for $(user)";

    "/usr/bin/dscl"
      args => ". -create /Users/$(user) UserShell $($(info)[$(user)])",
      ifvarclass => "add_$(user)",
      comment => "set UserShell $($(info)[$(user)]) for $(user)";

    "/usr/sbin/createhomedir"
      args => "-c -u $(user)",
      ifvarclass => "add_$(user)",
      comment => "create homedir for $(user)";

    # NOTE(review): every other dscl call here uses "-create"; the leading "-"
    # is absent in this copy of the line - confirm against the original post.
    "/usr/bin/dscl"
      args => ". create /Users/$(user) NFSHomeDirectory /Users/$(user)",
      ifvarclass => "add_$(user)",
      comment => "create NFSHomeDirectory for $(user)";

    "/usr/sbin/dseditgroup"
      args => "-o edit -a $(user) -t user $($(info)[$(user)])",
      ifvarclass => "add_$(user)",
      comment => "add $(user) to groups";

    # The credential value is interpolated into the argument string, so it is
    # part of the command line of /usr/bin/defaults while that process runs.
    # NOTE(review): check whether command lines or promise output are logged on
    # these hosts; a mechanism that keeps the hash out of argv would be safer.
    "/usr/bin/defaults"
      args => "write $(eco_local_admins.pwbase)/$(user).plist ShadowHashData '$($(info)[$(user)])'",
      ifvarclass => "reset_shd_$(user)",
      comment => "resetting ShadowHashData for user $(user)";

    "/usr/bin/defaults"
      args => "write $(eco_local_admins.pwbase)/$(user).plist KerberosKeys '$($(info)[$(user)])'",
      ifvarclass => "reset_kk_$(user)",
      comment => "resetting KerberosKeys for user $(user)";

files:
  rabelais::
    # Test promise for the expansion problem described in the prose above.
    # NOTE(review): it has the agent create and edit a file under /tmp; remove
    # it before the policy is rolled out.
    "/tmp/foo"
      comment => "testing promise, to be erased if of no use anymore",
      create => "true",
      #edit_line => append_if_no_lines("$($(info)[$(user)])"); # this doesn't work!
      edit_line => append_if_no_lines("$(foo)"); # this works

    # Reference copy of the hash material, fetched from the policy server.
    # mog("400","root","wheel") restricts the local copy; secure_cp, mog and
    # if_repaired are bodies defined outside this listing.
    # NOTE(review): the source files under $(update.conf_files) on
    # $(update.cfmaster) hold the same credential material and need equally
    # tight permissions and access rules - not shown here.
    "$(sys.workdir)/shd_$(user)"
      comment => "copy ShadowHashData file for $(user)",
      create => "true",
      copy_from => secure_cp("$(update.conf_files)/shd_$(user)","$(update.cfmaster)"),
      perms => mog("400","root","wheel"),
      classes => if_repaired("reset_shd_$(user)");

    # Same as above for the kk_ file. The promise's comment string still says
    # "ShadowHashData" although this promise copies the kk_ file.
    "$(sys.workdir)/kk_$(user)"
      comment => "copy ShadowHashData file for $(user)",
      create => "true",
      copy_from => secure_cp("$(update.conf_files)/kk_$(user)","$(update.cfmaster)"),
      perms => mog("400","root","wheel"),
      classes => if_repaired("reset_kk_$(user)");
}
_______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine