Patrick <[email protected]> writes:
'generate' is run on the puppetmaster; there isn't actually an easy way to
query this on the client other than using a custom fact.
Daniel
> I was under the impression that "generate" is run on the puppetmaster, but
> I'm not sure. You might want to check to see if your user list is coming
> from the server.
>
> On Aug 29, 2010, at 12:27 PM, bonobo wrote:
>
>> I may have answered by own question, but it still seems like there
>> might be a better way.
>>
>> Here's what I came up with:
>>
>> # Secure Configuration Control 1.
>>
>> # Change the shell for system accounts to /dev/null. System accounts
>> # are accounts with UIDs less than 500 but greater than 0.
>> #
>> # Exceptions:
>> # - Accounts with the shells the /sbin/shutdown, /bin/sync, /sbin/
>> halt.
>> # - The nx account (used by FreeNX for remote deskttop access).
>>
>> define preventLogin2SystemAccts (){
>> user{ $title:
>> shell => "/dev/null" ,
>> }
>> }
>>
>> $systemAccts = generate("/etc/puppet/scripts/
>> list.system.accounts.sh" )
>> $systemAcctsArray = split( $systemAccts, '[,]')
>> preventLogin2SystemAccts{ $systemAcctsArray : }
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
--
✣ Daniel Pittman ✉ [email protected] ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
