The Thoughts of Matt Palmer
On many cfengine-managed systems, you need to be able to create users for local purposes. Jamie Wilkinson, CFEngine guru extraordinaire, does it like this:
For system users:
    groups:
        # POSIX redirection, so the test also works where /bin/sh is not bash
        user_X_exists = ( ReturnsZero(/bin/sh -c "/usr/bin/id -u X >/dev/null 2>&1") )

    shellcommands:
        !user_X_exists.redhat::
            "/usr/sbin/useradd -r -c X -s /sbin/nologin -d / -M -g nobody X"

        # adduser takes the target group via --ingroup; --group takes no argument
        !user_X_exists.debian::
            "/usr/sbin/adduser --system --gecos X --shell /bin/false --home /
            --no-create-home --disabled-login --disabled-password --ingroup nobody X"
I do it with macros, so I don't have to type all that crap for every system
user I need, and so things like home directory and default group can be
changed easily.
In a perfect world, this idiom would turn into a users: section, but alas
I've not yet had the time to write a patch.
For humans, I use LDAP, and cfengine just takes care of configuring the auth
system.
Michael Chesterton, on the other hand, prefers the modular approach:
    module:users

        #!/bin/sh
        # Print one "+user_<name>_exists" line per account; cfengine defines
        # a class for every module output line that starts with "+".
        /usr/bin/getent passwd |\
            /usr/bin/awk -F: '{print "+user_" $1 "_exists"}' |\
            sed 's/-/_/g'

    control:
        AddInstallable = ( user_user1_exists user_user2_exists )
        actionsequence = ( module:users shellcommands )

    shellcommands:
        !user_user1_exists.redhat::
            "/usr/sbin/useradd -r -c X -s /sbin/nologin -d / -M -g nobody X"
        ...
It seems to work without addinstallable, but the docs say to use it, so
I do, otherwise there is a little less typing.
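
An added example, not from the original post or from either quoted author: the module idea above as a POSIX sh function that generalizes the sed step by replacing every character outside [A-Za-z0-9_] (the "." in a name such as build.bot is the AND operator in cfengine class expressions) and skips malformed lines. The function names, the sample accounts and the module:users file-name check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cfengine 2 module that defines user_<name>_exists classes.
# Reads passwd(5)-format lines on stdin and prints one "+class" line per account.
emit_user_classes() {
    awk -F: '
        NF < 7 || $1 == "" { next }           # skip malformed or empty entries
        $1 ~ /^[+-]/       { next }           # skip NIS compat entries
        {
            name = $1
            gsub(/[^A-Za-z0-9_]/, "_", name)  # keep only class-safe characters
            print "+user_" name "_exists"
        }' | LC_ALL=C sort -u                 # names may collapse to one class
}

# Constructed sample input, used only to demonstrate the function.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
build.bot:x:998:65534:build:/:/sbin/nologin
HOST01$:x:1105:515:machine account:/dev/null:/bin/false
+::::::
broken line without fields
EOF
}

# When installed under the (assumed) file name module:users, read the real
# account database; under any other name only the functions are defined.
case "${0##*/}" in
    module:users) getent passwd | emit_user_classes ;;
esac
```

Two accounts whose names differ only in replaced characters (a-b and a.b) map to the same class, so a policy keyed on that class cannot tell them apart.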
posted at: 13:45 | category: /knowledge/software/cfengine