ExternalMirrors
/
linux-formula
mirror da https://github.com/salt-formulas/salt-formula-linux
Segui 1
Vota 0
Forka 1
Codice Problemi 0 Rilasci 8 Wiki Attività
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
778 Commit
26 Rami (Branch)
Ramo (Branch): master
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da 'master'
${ noResults }
linux-formula/linux/system/user.sls

135 lines
3.1KB
Originale Permalink Blame Cronologia 

  1. {%- from "linux/map.jinja" import system with context %}

  2. {%- if system.enabled %}

  3. 

  4. include:

  5.   - linux.system.group

  6. 

  7. {%- for name, user in system.user.items() %}

  8. 

  9. {%- if user.enabled %}

  10. 

  11. {%- set requires = [] %}

  12. {%- for group in user.get('groups', []) %}

  13.   {%- if group in system.get('group', {}).keys() %}

  14.     {%- do requires.append({'group': 'system_group_'+group}) %}

  15.   {%- endif %}

  16. {%- endfor %}

  17. 

  18. {%- if user.gid is not defined %}

  19. system_group_{{ name }}:

  20.   group.present:

  21.   - name: {{ name }}

  22.   - require_in:

  23.     - user: system_user_{{ name }}

  24. {%- endif %}

  25. 

  26. {%- if user.get('makedirs') %}

  27. system_user_home_parentdir_{{ user.home }}:

  28.   file.directory:

  29.   - name: {{ user.home | path_join("..") }}

  30.   - makedirs: true

  31.   - require_in:

  32.     - user: system_user_{{ name }}

  33. {%- endif %}

  34. 

  35. system_user_{{ name }}:

  36.   user.present:

  37.   - name: {{ name }}

  38.   - home: {{ user.home }}

  39.   {% if user.get('password') == False %}

  40.   - enforce_password: false

  41.   {% elif user.get('password') == None %}

  42.   - enforce_password: true

  43.   - password: '*'

  44.   {% elif user.get('password') %}

  45.   - enforce_password: true

  46.   - password: {{ user.password }}

  47.   - hash_password: {{ user.get('hash_password', False) }}

  48.   {% endif %}

  49.   {%- if user.gid is defined and user.gid %}

  50.   - gid: {{ user.gid }}

  51.   {%- else %}

  52.   - gid: {{ name }}

  53.   {%- endif %}

  54.   {%- if user.groups is defined %}

  55.   - groups: {{ user.groups }}

  56.   {%- endif %}

  57.   {%- if user.system is defined and user.system %}

  58.   - system: True

  59.   - shell: {{ user.get('shell', '/bin/false') }}

  60.   {%- else %}

  61.   - shell: {{ user.get('shell', '/bin/bash') }}

  62.   {%- endif %}

  63.   {%- if user.uid is defined and user.uid %}

  64.   - uid: {{ user.uid }}

  65.   {%- endif %}

  66.   {%- if user.unique is defined %}

  67.   - unique: {{ user.unique }}

  68.   {%- endif %}

  69.   {%- if user.maxdays is defined %}

  70.   - maxdays: {{ user.maxdays }}

  71.   {%- endif %}

  72.   {%- if user.mindays is defined %}

  73.   - mindays: {{ user.mindays }}

  74.   {%- endif %}

  75.   {%- if user.warndays is defined %}

  76.   - warndays: {{ user.warndays }}

  77.   {%- endif %}

  78.   {%- if user.inactdays is defined %}

  79.   - inactdays: {{ user.inactdays }}

  80.   {%- endif %}

  81.   - require: {{ requires|yaml }}

  82.   {%- if user.allow_uid_change is defined and user.allow_uid_change %}

  83.   - allow_uid_change: true

  84.   {%- endif %}

  85. 

  86. system_user_home_{{ user.home }}:

  87.   file.directory:

  88.   - name: {{ user.home }}

  89.   - user: {{ name }}

  90.   - mode: {{ user.get('home_dir_mode', 700) }}

  91.   - makedirs: true

  92.   - require:

  93.     - user: system_user_{{ name }}

  94. 

  95. {%- if user.get('sudo', False) %}

  96. 

  97. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:

  98.   file.managed:

  99.   - source: salt://linux/files/sudoer

  100.   - template: jinja

  101.   - user: root

  102.   - group: root

  103.   - mode: 440

  104.   - defaults:

  105.     user_name: {{ name }}

  106.   - require:

  107.     - user: system_user_{{ name }}

  108.   - check_cmd: /usr/sbin/visudo -c -f

  109. 

  110. {%- else %}

  111. 

  112. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:

  113.   file.absent

  114. 

  115. {%- endif %}

  116. 

  117. {%- else %}

  118. 

  119. system_user_{{ name }}:

  120.   user.absent:

  121.   - name: {{ name }}

  122. 

  123. system_user_home_{{ user.home }}:

  124.   file.absent:

  125.   - name: {{ user.home }}

  126. 

  127. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:

  128.   file.absent

  129. 

  130. {%- endif %}

  131. 

  132. {%- endfor %}

  133. 

  134. {%- endif %}