To answer my question: I looked around in the archives further on this
question and someone suggested using augeas (which doesn't seem to
have a passwd file lens) or the concat option. I ended up writing a
script to idempotently add entries if they were missing as an exec
resource - which works for us. There are a number of shops that want
to use netgroup syntax; it's a pity the native OS commands don't appear
to support that syntax, otherwise this would be easier...
Vince
<snippet below>
class passwd {
  # Catch-all compat entry: every user not matched earlier gets the nologin shell.
  exec { '/opt/script/puppet/ensure_pw_present.pl +:x:::::/opt/script/nologin':
    path    => '/usr/bin:/bin',
    command => 'perl /opt/script/puppet/ensure_pw_present.pl +:x:::::/opt/script/nologin',
    require => File['/opt/script/puppet/ensure_pw_present.pl'],
    # Skip the run when the exact line already exists. The original
    # "onlyif => grep -v" succeeded on any other line, so it never skipped.
    unless  => 'grep -qxF +:x:::::/opt/script/nologin /etc/passwd',
    user    => 'root',
  }

  # Netgroup entry: applied first so it lands above the catch-all line.
  exec { '/opt/script/puppet/ensure_pw_present.pl +@unixoperators:x:::::':
    path    => '/usr/bin:/bin',
    command => 'perl /opt/script/puppet/ensure_pw_present.pl +@unixoperators:x:::::',
    require => File['/opt/script/puppet/ensure_pw_present.pl'],
    unless  => 'grep -qxF +@unixoperators:x::::: /etc/passwd',
    user    => 'root',
    before  => Exec['/opt/script/puppet/ensure_pw_present.pl +:x:::::/opt/script/nologin'],
  }
}
On Mar 14, 3:51 pm, VinceT <[email protected]> wrote:
> Hi,
>
> I'd like to maintain netgroup entries in the /etc/passwd, /etc/shadow
> files to allow all unix admins login access and default setup nologin
> for every non-authorized user.
>
> +@unixoperators:x:::::
> +:x:::::/opt/script/nologin
>
> I saw a thread about this online, but not a definitive resolution -
> not sure if the user resource type is the right way to implement this
> currently or to try to handle via file resources....
>
> Vince
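
An added example, not the ensure_pw_present.pl script from the post (which is not shown): one way to do the idempotent add in Python, keeping the +@unixoperators line ahead of the catch-all + line as the manifest's `before` ordering does, and replacing the file atomically. The function name, the end-of-file placement and the sample file are assumptions.

```python
import os
import stat
import tempfile

# Wanted order: netgroup line first, catch-all "+" line last, the same order
# the manifest's `before =>` produces. Both lines are taken from the post.
COMPAT_ENTRIES = ["+@unixoperators:x:::::", "+:x:::::/opt/script/nologin"]


def ensure_compat_entries(path, entries=COMPAT_ENTRIES):
    """Make `entries` the final lines of `path`, in order.

    Returns True if the file was rewritten, False if it was already correct.
    """
    with open(path, encoding="utf-8") as fh:
        original = fh.read().splitlines()

    # Drop managed lines wherever they sit, then re-append them in order.
    # This also repairs a file where the catch-all precedes the netgroup line.
    managed = set(entries)
    wanted = [ln for ln in original if ln not in managed] + list(entries)
    if wanted == original:
        return False  # idempotent: a second run changes nothing

    # Write a temp file in the same directory and rename it over the target,
    # so no reader ever sees a half-written passwd file.
    st = os.stat(path)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write("\n".join(wanted) + "\n")
        os.chmod(tmp, stat.S_IMODE(st.st_mode))  # mkstemp creates 0600
        if os.geteuid() == 0:
            os.chown(tmp, st.st_uid, st.st_gid)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True


if __name__ == "__main__":
    # Constructed sample file, not a real /etc/passwd.
    sample = os.path.join(tempfile.mkdtemp(), "passwd")
    with open(sample, "w", encoding="utf-8") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n+:x:::::/opt/script/nologin\n")
    print(ensure_compat_entries(sample), ensure_compat_entries(sample))
```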