Yes, I had tried it with puppet, but I wasn't sure if it was doing the
right thing. After this thread I've investigated a bit more and I
think it will be fine. When using puppet and not providing a password,
the hash in the shadow file ends up as a '!' character which is an
invalid password hash. Using --disabled-password it ends up as a '*'
character which is also an invalid hash. After some investigation, I
believe these are functionally equivalent.

My request for puppet would be more documentation on this subject. Or
an explicit disabled-password attribute would make things more clear.
Either one would reduce the amount of digging around in shadow files
to figure out what is happening.

In the end I totally agree that the following is much better than my
original approach. Any more suggestions on this code?

class groups {
    group { ["sudoers", "admin"]:
        ensure => "present",
    }
}

define define_user($groups = [], $comment = "") {
    user { $name:
        ensure     => "present",
        comment    => "$comment",
        groups     => $groups,
        membership => "minimum",
        home       => "/home/$name",
        managehome => "true",
        shell      => "/bin/bash",
        require    => Class["groups"],
    }
}

class users {
    define_user { "example":
        comment => "Full Name",
        groups  => ["admin"],
    }
    # Resource titles must be unique, so a second user needs its own name.
    define_user { "example2":
    }
}

-Brad
On Oct 19, 3:57 pm, "Andrew Shafer" <[EMAIL PROTECTED]> wrote:
> adduser is a nice interactive script, but it is using useradd, etc,
> underneath the covers.
>
> I believe --disable-password is just going to create a user without a
> password which is the default behavior if no password is specified with
> useradd. There is no --disable-password for useradd.
>
> There are probably subtleties between systems that I'm not aware of, but I
> don't think you have a problem. (Someone please correct me if I'm wrong. I'm
> not a battle hardened sysadmin by any stretch of the imagination)
>
> Just curious, did you try to make users with puppet?
>
> On Sun, Oct 19, 2008 at 3:47 PM, schickb <[EMAIL PROTECTED]> wrote:
>
> > Thanks for the tips. The main problem for me was lack of information
> > in the puppet docs about password for newly created users on Linux
> > systems (useradd etc). I saw no way to do --disabled-password for
> > example, and it wasn't clear to me what the state of the password
> > would be if I didn't provide it explicitly.
>
> > -Brad
>
> > On Oct 19, 12:15 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
> > > You are running into a common misconception of people new to Puppet. A
> > > define is not some sort of function. You don't "run" defines. Puppet
> > > is a declarative language, you are trying to use it like an imperative
> > > language, and you will be fighting the tool the whole way.
>
> > > What features do you want that the predefined types don't support?
> > > Maybe we can help you to understand the Puppet Way to do what you want
> > > to do. In this example you included, I don't see you getting any
> > > features that are unsupported by Puppet users/groups.
>
> > > --Paul
>
> > > On Sun, Oct 19, 2008 at 12:33 AM, schickb <[EMAIL PROTECTED]> wrote:
>
> > > > I am working on defining users and groups manually. I know there are
> > > > basic predefined types, but they don't support all of the features
> > > > I'll want, and I am learning in the process. I'm a bit stumped when
> > > > trying to add a user to multiple groups that are defined in an array.
> > > > Currently I have code similar to that below, but it's wrong since I am
> > > > not handling the $groups array correctly. How can I run add_to_group
> > > > once for each group?
>
> > > > define make_group($desc = "") {
> > > >     exec { "addgroup --gecos \"$desc\" \"$title\"":
> > > >         unless => "grep $title /etc/group",
> > > >         path => "/usr/bin:/usr/sbin:/bin",
> > > >     }
> > > > }
>
> > > > define add_to_group($group) {
> > > >     exec { "adduser $title $group":
> > > >         unless => "groups $title | grep $group",
> > > >         path => "/usr/bin:/usr/sbin:/bin",
> > > >     }
> > > > }
>
> > > > define make_user($fullname, $groups="") {
> > > >     exec { "adduser-$title":
> > > >         command => "adduser --disabled-password --gecos \"$fullname\" \"$title\"",
> > > >         creates => "/home/$title",
> > > >         path => "/usr/bin:/usr/sbin:/bin",
> > > >     }
>
> > > >     if $groups {
> > > >         add_to_group { $title:
> > > >             group => $groups,
> > > >             require => [Class["all_groups"], Exec["adduser-$title"]],
> > > >         }
> > > >     }
> > > > }
>
> > > > class all_groups {
> > > >     make_group { "sudoers":
> > > >         desc => "users allowed to sudo",
> > > >     }
> > > >     make_group { "admins":}
> > > >     make_group { "another":}
> > > > }
>
> > > > class all_users {
> > > >     make_user { "example":
> > > >         fullname => "Full Name",
> > > >         groups => ["sudoers", "another"],
> > > >     }
> > > > }
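
The shadow-file states compared in the top message ('!' when Puppet creates a user without a password, '*' from adduser --disabled-password) can be checked mechanically. The following is an added example, not code from anyone in this thread: a shell function that classifies the password field of shadow(5)-format lines and singles out the empty field, which, unlike '!' or '*', means no password is required. The account names, hash strings and state labels are constructed for the example.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5)-format lines.
# State labels (empty/nologin/locked/hash/other) are this example's own.

classify_shadow() {
    awk -F: '
        # Skip blank lines and comments.
        $0 ~ /^[ \t]*$/ || $0 ~ /^[ \t]*#/ { next }
        {
            pw = $2
            rest = pw
            sub(/^!+/, "", rest)      # what remains after any leading "!"
            if (pw == "")
                state = "empty"       # no password required at all
            else if (rest == "" || rest == "*")
                state = "nologin"     # "!", "*", "!!": no crypt(3) result can match
            else if (pw ~ /^!/)
                state = "locked"      # hash kept behind "!", e.g. after passwd -l
            else if (pw ~ /^\$[0-9a-z]+\$/)
                state = "hash"        # modular crypt format, $id$salt$hash
            else
                state = "other"       # legacy or unrecognised format
            print $1, state
        }'
}

# Accounts that need attention: an empty field is not the same as "!" or "*".
empty_password_accounts() {
    classify_shadow | awk '$2 == "empty" { print $1 }'
}

# Constructed sample input; account names and hash strings are made up.
sample_shadow() {
    cat <<'EOF'
puppetuser:!:14171:0:99999:7:::
adduseruser:*:14171:0:99999:7:::
openuser::14171:0:99999:7:::
lockeduser:!$6$constructedsalt$constructedhash:14171:0:99999:7:::
normaluser:$6$constructedsalt$constructedhash:14171:0:99999:7:::
EOF
}

sample_shadow | classify_shadow
```

On a real host the same functions can be fed from the shadow database as root, for example `getent shadow | empty_password_accounts`.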