On Thursday 04 Nov 2010 10:40:02 Martin Alfke wrote:
> On Nov 4, 2010, at 8:28 AM, hywl51 wrote:
> > Hi, all
> >
> > I want to control the user accounts on our company servers with
> > puppet. The complete requirements are the following:
> >
> > 1. Assuming that one user run " useradd ...." on the server to create
> > a new account named "newuser".
> > 2. Puppet will konw the new user created soon, and restore the server
> > status to the before. That is, puppet will delete the new user.
> >
> >
> > I am not sure if puppet could fullfill this requirement. Could anyone
> > give me some advices.
> >
> > Thanks
> > hywl51
>
> Hi,
>
> I would assume that you can define a resource default:
>
> User { ensure => absent }
>
> and afterwards define the users you would like to be present on your
> system.
Would this not mean the deletion and creation of all users on the system every
30 minutes (or whatever your puppet run is set to?)
I would respectfully suggest that the best way to prevent users from adding
new accounts on your systems (which is how I understand your question) is to
restrict those individual's rights on the systems, not to make sure that you
undo any "damage" they may have done whilst logged in every time puppet runs.
M.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
