Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 5 changed files with 265 additions and 115 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,189 @@ | ||
# Reference | ||
|
||
<!-- DO NOT EDIT: This document was generated by Puppet Strings --> | ||
|
||
## Table of Contents | ||
|
||
### Classes | ||
|
||
* [`sftp_jail`](#sftp_jail): Manage SFTP Jails | ||
|
||
### Defined types | ||
|
||
* [`sftp_jail::jail`](#sftp_jailjail): One SFTP Jail where users get "chrooted" into | ||
* [`sftp_jail::user`](#sftp_jailuser): Adds a user's home directory to an SFTP jail. | ||
|
||
## Classes | ||
|
||
### <a name="sftp_jail"></a>`sftp_jail` | ||
|
||
Manage SFTP Jails | ||
|
||
#### Parameters | ||
|
||
The following parameters are available in the `sftp_jail` class: | ||
|
||
* [`chroot_base`](#chroot_base) | ||
|
||
##### <a name="chroot_base"></a>`chroot_base` | ||
|
||
Data type: `Stdlib::Absolutepath` | ||
|
||
All jails are located in this directory. | ||
|
||
Default value: `'/chroot'` | ||
|
||
## Defined types | ||
|
||
### <a name="sftp_jailjail"></a>`sftp_jail::jail` | ||
|
||
A jail can have one or multiple users. With multiple users, they can share | ||
some date via the `/incomming` directory. | ||
|
||
#### Examples | ||
|
||
##### Single user | ||
|
||
```puppet | ||
# The `sftp_jail::jail` resource creates a jail with a single home directory | ||
# and an `incoming` directory. `incoming` is owned by the user and group | ||
# provided when declaring the resource: | ||
sftp_jail::jail { 'myjail': | ||
user => 'bbriggs', | ||
group => 'bbriggs', | ||
} | ||
``` | ||
|
||
##### Shared jail | ||
|
||
```puppet | ||
# Sometimes, more than one user will need to access the same jail, but with | ||
# different permissions. For instance, one may need read-write access while | ||
# another is limited to read-only. In such a case, first create the jail with | ||
# your write user and set up a match_group that redirects users. Again, the | ||
# users and groups must already exist. | ||
sftp_jail::jail { 'shared_jail': | ||
user => 'writeuser', | ||
group => 'writegroup', | ||
match_group => 'sftpusers', | ||
} | ||
# Now add a user to your jail. | ||
sftp_jail::user { 'readuser': | ||
jail => '/chroot/shared_jail', | ||
} | ||
# To share write access to `/incoming`, set the `group` parameter of | ||
# `sftp_jail::jail` to a group that is common to both users, such as the | ||
# `sftpusers` group that you might use to redirect users into a jail. | ||
``` | ||
|
||
#### Parameters | ||
|
||
The following parameters are available in the `sftp_jail::jail` defined type: | ||
|
||
* [`jail_name`](#jail_name) | ||
* [`user`](#user) | ||
* [`group`](#group) | ||
* [`match_group`](#match_group) | ||
* [`password_authentication`](#password_authentication) | ||
|
||
##### <a name="jail_name"></a>`jail_name` | ||
|
||
Data type: `Any` | ||
|
||
The jails name. | ||
|
||
Default value: `$name` | ||
|
||
##### <a name="user"></a>`user` | ||
|
||
Data type: `Any` | ||
|
||
The user that will own the corresponding home directory in the jail, giving | ||
the user a place to land. Also sets user ownership for `/incoming`. | ||
|
||
Default value: ``undef`` | ||
|
||
##### <a name="group"></a>`group` | ||
|
||
Data type: `Any` | ||
|
||
The group that will own the corresponding home directory in the jail, | ||
giving the user a place to land. Also sets group ownership for `/incoming`. | ||
|
||
Default value: ``undef`` | ||
|
||
##### <a name="match_group"></a>`match_group` | ||
|
||
Data type: `Any` | ||
|
||
Set the group that SSHd will look for when redirecting users to the jail. | ||
Useful for shared jails. Defaults to the value of `group`. | ||
|
||
Default value: ``undef`` | ||
|
||
##### <a name="password_authentication"></a>`password_authentication` | ||
|
||
Data type: `Any` | ||
|
||
OpenSSH Password Authentication | ||
|
||
Default value: `'no'` | ||
|
||
### <a name="sftp_jailuser"></a>`sftp_jail::user` | ||
|
||
Used for shared jails to allow multiple users to write, or to allow one user | ||
to write and others to read-only. | ||
|
||
#### Examples | ||
|
||
##### Add user to the jail `myjail` | ||
|
||
```puppet | ||
sftp_jail::user {'bob': | ||
jail => '/chroot/myjail', | ||
} | ||
``` | ||
|
||
##### Add user to the jail `myjail` and assign permissions | ||
|
||
```puppet | ||
sftp_jail::user{'bob': | ||
group => 'myjail_write', | ||
jail => '/chroot/myjail', | ||
} | ||
``` | ||
|
||
#### Parameters | ||
|
||
The following parameters are available in the `sftp_jail::user` defined type: | ||
|
||
* [`user`](#user) | ||
* [`group`](#group) | ||
* [`jail`](#jail) | ||
|
||
##### <a name="user"></a>`user` | ||
|
||
Data type: `Any` | ||
|
||
The username that will own the corresponding home directory in the jail, | ||
giving the user a place to land. | ||
|
||
Default value: `$name` | ||
|
||
##### <a name="group"></a>`group` | ||
|
||
Data type: `Any` | ||
|
||
The group that will own the corresponding home directory in the jail. | ||
|
||
Default value: `$name` | ||
|
||
##### <a name="jail"></a>`jail` | ||
|
||
Data type: `Any` | ||
|
||
The path of the jail's base directory, such as `/chroot/myjail`. Do not | ||
include a trailing slash. | ||
|
||
Default value: ``undef`` | ||
|
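Review bot: Every parameter under `sftp_jail::jail` and `sftp_jail::user` is documented as Data type `Any`, including `password_authentication` (default `'no'`) and `jail`, whose "Do not include a trailing slash" rule is carried only by the prose. Because this file is generated by Puppet Strings, the fix belongs in the manifests, followed by a regeneration: `jail` could use `Stdlib::Absolutepath` as `chroot_base` already does, which would at least reject relative paths, and `password_authentication` could be restricted to the values the module accepts, so a mistyped value is rejected at catalog compilation. `user` and `group` on `sftp_jail::jail` default to `undef` while both examples set them; the description should say whether they are required. In the `sftp_jail::jail` description, "some date via the `/incomming` directory" should read "some data via the `/incoming` directory" to match the examples, and "The jails name." should be "The jail's name."; both need correcting in the source doc comments. The `<a name="user">` and `<a name="group">` anchors are emitted under both defined types, so the parameter links in the `sftp_jail::user` list resolve to the `sftp_jail::jail` entries.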