
Fixes #3844 : handle gid/uid in user management #166

Closed
@@ -0,0 +1,176 @@
<!--
Copyright 2011 Normation SAS

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, Version 3.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->

<!--
This is the userManagement PT.
Compatibility : Linux like, Windows like

It is intended to check the user parameters on the target host.
-->
<TECHNIQUE name="User management">
<DESCRIPTION>This technique manages the target host(s) users.

It will ensure that the defined users are present on the system.</DESCRIPTION>
<MULTIINSTANCE>true</MULTIINSTANCE>
<COMPATIBLE>
<OS version=">= 4 (Etch)">Debian</OS>
<OS version=">= 4 (Nahant)">RHEL / CentOS</OS>
<OS version=">= 10 SP1 (Agama Lizard)">SuSE LES / DES / OpenSuSE</OS>
<AGENT version=">= 3.1.5">cfengine-community</AGENT>
</COMPATIBLE>

<BUNDLES>
<NAME>check_usergroup_user_parameters</NAME>
</BUNDLES>

<TMLS>
<TML name="userManagement"/>
</TMLS>

<TRACKINGVARIABLE>
<SAMESIZEAS>USERGROUP_USER_LOGIN</SAMESIZEAS>
</TRACKINGVARIABLE>

<SECTIONS>
<!-- users section , index 1 -->
<SECTION name="Users" multivalued="true" component="true" componentKey="USERGROUP_USER_LOGIN">
<INPUT>
<NAME>USERGROUP_USER_LOGIN</NAME>
<DESCRIPTION>Login name for this account</DESCRIPTION>
</INPUT>
<INPUT>
<NAME>USERGROUP_USER_NAME</NAME>
<DESCRIPTION>Full name for this account</DESCRIPTION>
<CONSTRAINT>
<MAYBEEMPTY>true</MAYBEEMPTY>
</CONSTRAINT>
</INPUT>
<SELECT1>
<NAME>USERGROUP_USER_ACTION</NAME>
<DESCRIPTION>Policy to apply on this account</DESCRIPTION>
<ITEM>
<LABEL>Create / update</LABEL>
<VALUE>add</VALUE>
</ITEM>
<ITEM>
<LABEL>Remove</LABEL>
<VALUE>remove</VALUE>
</ITEM>
<ITEM>
<LABEL>Check only (account should exist)</LABEL>
<VALUE>checkhere</VALUE>
</ITEM>
<ITEM>
<LABEL>Check only (account should not exist)</LABEL>
<VALUE>checknothere</VALUE>
</ITEM>
<CONSTRAINT>
<DEFAULT>add</DEFAULT>
</CONSTRAINT>
</SELECT1>
<SELECT1>
<NAME>USERGROUP_USER_PASSWORD_POLICY</NAME>
<DESCRIPTION>How often do you want to want to check the password</DESCRIPTION>
<ITEM>
<LABEL>At account creation</LABEL>
<VALUE>oneshot</VALUE>
</ITEM>
<ITEM>
<LABEL>Everytime</LABEL>
<VALUE>everytime</VALUE>
</ITEM>
<CONSTRAINT>
<DEFAULT>everytime</DEFAULT>
</CONSTRAINT>
</SELECT1>
<INPUT>
<NAME>USERGROUP_USER_SET_UID</NAME>
<DESCRIPTION>Set user ID ?</DESCRIPTION>
<CONSTRAINT>
<TYPE>boolean</TYPE>
<DEFAULT>false</DEFAULT>
</CONSTRAINT>
</INPUT>
<INPUT>
<NAME>USERGROUP_USER_UID</NAME>
<DESCRIPTION>User ID</DESCRIPTION>
<CONSTRAINT>
<MAYBEEMPTY>true</MAYBEEMPTY>
</CONSTRAINT>
</INPUT>
<INPUT>
<NAME>USERGROUP_USER_SET_GID</NAME>
<DESCRIPTION>Set user default group ID ?</DESCRIPTION>
<CONSTRAINT>
<TYPE>boolean</TYPE>
<DEFAULT>false</DEFAULT>
</CONSTRAINT>
</INPUT>
<INPUT>
<NAME>USERGROUP_USER_GID</NAME>
<DESCRIPTION>Default group ID</DESCRIPTION>
<LONGDESCRIPTION>Must exists if you don't force user creation locally</LONGDESCRIPTION>
<CONSTRAINT>
<MAYBEEMPTY>true</MAYBEEMPTY>
</CONSTRAINT>
</INPUT>
<INPUT>
<NAME>USERGROUP_USER_FORCE_LOCAL</NAME>
<DESCRIPTION>Force local user creation</DESCRIPTION>
<LONGDESCRIPTION>Force user local creation, helps when useradd cannot be used (Duplicate network user etc...) /!\ You must provide UID and GID to use this option</LONGDESCRIPTION>
<CONSTRAINT>
<TYPE>boolean</TYPE>
<DEFAULT>false</DEFAULT>
</CONSTRAINT>
</INPUT>
<INPUT>
<NAME>USERGROUP_USER_HOME_PERSONNALIZE</NAME>
<DESCRIPTION>Use the default home directory</DESCRIPTION>
<CONSTRAINT>
<TYPE>boolean</TYPE>
<DEFAULT>true</DEFAULT>
</CONSTRAINT>
</INPUT>
<INPUT>
<NAME>USERGROUP_USER_HOME</NAME>
<DESCRIPTION>Home directory, if not default</DESCRIPTION>
<CONSTRAINT>
<MAYBEEMPTY>true</MAYBEEMPTY>
</CONSTRAINT>
</INPUT>
<INPUT>
<NAME>USERGROUP_USER_SHELL</NAME>
<DESCRIPTION>Shell for this account</DESCRIPTION>
<LONGDESCRIPTION>Will be used only on UNIX systems</LONGDESCRIPTION>
<CONSTRAINT>
<DEFAULT>/bin/bash</DEFAULT>
</CONSTRAINT>
</INPUT>
<SECTION name="Password" component="true" componentKey="USERGROUP_USER_LOGIN">
<INPUT>
<NAME>USERGROUP_USER_PASSWORD</NAME>
<DESCRIPTION>Password for this account</DESCRIPTION>
<CONSTRAINT>
<MAYBEEMPTY>true</MAYBEEMPTY>
<TYPE>password</TYPE>
<PASSWORDHASH>linux-shadow-md5,linux-shadow-sha256,linux-shadow-sha512</PASSWORDHASH>
</CONSTRAINT>
</INPUT>
</SECTION>
</SECTION>
</SECTIONS>

</TECHNIQUE>
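Review bot: USERGROUP_USER_UID and USERGROUP_USER_GID are constrained only by `<MAYBEEMPTY>true</MAYBEEMPTY>`, so the form accepts any string, including non-numeric text or `0`, and still accepts an empty value when USERGROUP_USER_SET_UID, USERGROUP_USER_SET_GID or USERGROUP_USER_FORCE_LOCAL is true. How these values reach the agent is decided in the userManagement template, which is outside this hunk, but a technique that creates accounts should validate them at input time. I would add a numeric constraint to both inputs, for example `<TYPE>integer</TYPE>` if the metadata format in use supports it, and have the policy refuse UID 0 unless it is explicitly intended, since that yields a root-equivalent account. Separately, `<PASSWORDHASH>` still offers `linux-shadow-md5`; unless the older platforms listed under COMPATIBLE need it, I would drop it, or add a comment such as `<!-- md5 kept only for agents whose crypt() lacks SHA-2 support -->` so the weaker scheme is not chosen by habit.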