
Merge pull request #5 from ckaenzig/sftp-user-impovements

Sftp user impovements
ckaenzig committed Nov 28, 2012
2 parents 69e17a1 + d3a7a9d commit ae3560483c32aaaf5108767ba72b79fb727cbce8
Showing with 63 additions and 31 deletions.
  1. +63 −31 manifests/sftp/user.pp
@@ -16,18 +16,27 @@
# [*ssh_options*]
# Key options, see sshd(8) for possible values
#
+# [*password*]
+# Set the user's password
+#
# [*present*]
# Define if this account is present or absent
#
# [*home*]
# The home directory of the user
#
+# [*manage_home*]
+# Select wether to manage the user's home directory
+#
# [*basedir*]
# This directory will be used to store files
#
# [*basedir_mode*]
# The desired permissions for the base directory
#
+# [*manage_basedir*]
+# Select wether to manage the directory given in the basedir parameter.
+#
# [*group*]
# The restricted sftp group name. Must be declared outside this definition.
#
@@ -42,51 +51,74 @@
# Mathieu Bornoz <mathieu.bornoz@camptocamp.com>
#
define ssh::sftp::user (
- $ssh_key,
- $ssh_type = 'ssh-rsa',
- $ssh_options = [],
- $ensure = 'present',
- $home = false,
- $basedir = 'uploads',
- $basedir_mode = '2775',
- $group = 'sftponly'
+ $ssh_key = false,
+ $ssh_type = 'ssh-rsa',
+ $ssh_options = [],
+ $password = false,
+ $ensure = 'present',
+ $home = false,
+ $basedir = 'uploads',
+ $basedir_mode = '2775',
+ $manage_home = true,
+ $manage_basedir = true,
+ $group = 'sftponly'
) {
+ $using_ssh_key = $ssh_key ? {
+ false => false,
+ default => true,
+ }
+
+ if ($using_ssh_key == false) and ($password == false) {
+ fail "Must specify at least one of 'password' or 'ssh_key' in ssh::sftp::user[$name]"
+ }
+
$user_home = $home ? {
false => "/home/${name}",
default => $home,
}
- file {$user_home:
- ensure => directory,
- owner => 'root',
- group => $group,
- mode => '0750',
+ if $manage_home {
+ file {$user_home:
+ ensure => directory,
+ owner => 'root',
+ group => $group,
+ mode => '0750',
+ }
+ }
+
+ $nologin_path = $lsbdistid ? {
+ /Debian|Ubuntu/ => '/usr/sbin/nologin',
+ /RedHat|CentOS/ => '/sbin/nologin',
}
user {$name:
- ensure => $ensure,
- home => $user_home,
- groups => $group,
- shell => '/usr/lib/sftp-server',
- require => File[$user_home]
+ ensure => $ensure,
+ password => $password ? { false => undef, default => $password },
+ home => $user_home,
+ groups => $group,
+ shell => $nologin_path,
}
- file {"${user_home}/${basedir}":
- ensure => directory,
- mode => $basedir_mode,
- owner => $name,
- group => $group,
- require => [ User[$name], Group[$group] ],
+ if $manage_basedir {
+ file {"${user_home}/${basedir}":
+ ensure => directory,
+ mode => $basedir_mode,
+ owner => $name,
+ group => $group,
+ require => [ User[$name], Group[$group] ],
+ }
}
- ssh_authorized_key {"sftponly_${name}":
- ensure => $ensure,
- user => $name,
- key => $ssh_key,
- type => $ssh_type,
- options => $ssh_options,
- require => User[$name],
+ if $using_ssk_key {
+ ssh_authorized_key {"sftponly_${name}":
+ ensure => $ensure,
+ user => $name,
+ key => $ssh_key,
+ type => $ssh_type,
+ options => $ssh_options,
+ require => User[$name],
+ }
}
augeas {"internal-sftp for ${name}":
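Review bot: The guard on the ssh_authorized_key resource, `if $using_ssk_key {`, misspells the variable set at the top of the define (`$using_ssh_key`); an undefined variable evaluates as undef/false in this Puppet dialect, so the branch never runs and key-based users end up with no authorized key at all — the path the pre-change code handled unconditionally. It should read `if $using_ssh_key {`. The `$lsbdistid` selector for `$nologin_path` has no `default` arm, so catalog compilation fails on any distribution the two regexes do not match; add `default => '/usr/sbin/nologin',` (or a `fail` with a clear message) so the outcome is explicit. The `password` parameter is passed straight through to the user resource, which expects the value in the system's hashed form, so the new header line `# Set the user's password` in the first hunk would be clearer as `# The user's password in the hashed form expected by the user resource, not cleartext`. The body of ssh::sftp::user continues past the end of the hunk with the augeas resource.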
