Manages user configuration.
Supported corrective actions under: Debian.
- users
Realize all useraccount, massuseraccount and lookup defines tagged with 'administrators'. Also, realize User, Group, File and Exec likewise tagged, to handle exceptional cases.
- users::account
- users::gidsanity
- users::lookup
- users::lookupkey
- users::masskeys
- users::massuseraccount
- users::uidsanity
Create a user account with a primary group of the same name. If uid is provided and the client supports the custom facts provided with this module, do some sanity checking beforehand, moving users and groups with conflicting guids to the same guids + 10000.
Note that just like user name and primary group name are kept the same, uid and gid are kept equal.
Also copy a tree of files in one of two ways:
-
If there's a "managed" directory from one of the options below, use it and control file content. The file paths checked for are absolute, so it may need changing if the default file server path is different. Also, it uses a script at
/etc/puppet/modules/users/scripts
to check for these files, which may also need changing depending on the module path and module name./etc/puppet/files/users/home/managed/host/${username}.$fqdn
/etc/puppet/files/users/home/managed/host/${username}.$hostname
/etc/puppet/files/users/home/managed/domain/${username}.$domain
/etc/puppet/files/users/home/managed/env/${username}.$environment
/etc/puppet/files/users/home/managed/user/${username}
/etc/puppet/files/users/home/managed/skel
-
Otherwise, use one of the directories below as a default (modified files do not get replaced).
puppet:///files/users/home/default/host/${username}.$fqdn
puppet:///files/users/home/default/host/${username}.$hostname
puppet:///files/users/home/default/domain/${username}.$domain
puppet:///files/users/home/default/env/${username}.$environment
puppet:///files/users/home/default/user/${username}
puppet:///files/users/home/default/skel
puppet:///files/users/home/default/skel
puppet:///users/home/default/skel
In neither case will other files be purged. Also, there is no mode control, though all files will be created with user and group onwership.
Also ensures that the .ssh directory and .bash_history will be kept with appropriate permissions.
Example:
@users::useraccount { "bob":
ensure => present,
fullname => "Uncle Bob",
uid => 1000,
groups => [ "wheel" ], # Extra groups, defaults to none
shell => '/bin/bash', # default value
password => 'hash',
}
Checks that no other group is using this gid, and, if it is, moves it up 10000.
Also, if the group exists but doesn't presently have this gid, pre-emptively change group owner ship of all files in the home directory with the current gid, so that they'll be correct after the group id was corrected (elsewhere).
Add a user through extdata lookup. The user is added with the extra groups provided, but name, uid and password come from the csv file.
Example:
@users::lookup { 'username':
ensure => present, # default value
groups => [], # default value
}
CSV file:
username_account,uid,Full Name,hashed password
Add a key to a user's authorized_keys file through extdata lookup. It supports arbitrary number of options, and //requires// a comment field, which will be prepended with the username to avoid problems with it being used as primary key on ssh_authorized_keys when multiple users are using the same key.
Options containing double quotes should be enclosed in double quotes themselves, and its own double quotes doubled (see example).
The CSV format was designed to be almost equal to authorized_keys itself, with just the need to replace spaces separating options, key type, key and comment with commas, plus the above mentioned double quote handling.
Example:
@users::lookupkey { 'username':
ensure => present, # default value
}
CSV file:
username_sshkey,"from=""a.b.c.d""",no-port-forwarding,ssh-dss,key,comment
Add a key to user's authorized keys file through direct passing. Default comment on key is "default-key" and default type is "ssh-rsa".
Example:
@users::userkey { 'username':
ensure => present,
key => "key",
}
Add keys to user's authorized_keys files through extdata lookup. See users::lookupkey for more details.
Example:
@users::masskeys { 'group':
ensure => present, # default value
}
CSV file:
group_sshkeys,username
username_sshkey,"from=""a.b.c.d""",no-port-forwarding,ssh-dss,key,comment
Adds users through extdata lookup. The users are added with the extra groups provided, but name, uid and password come from the csv files, as well as the list of users.
Example:
@users::massuseraccount { 'group':
ensure => present, # default value
groups => [], # default value
}
CSV file:
group_accounts,username
username_account,uid,Full Name,hashed password
Checks that no other user is using this uid, and, if it is, moves it up 10000.