ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
674 Commits
26 Branches
Tree: 73f29d733f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '73f29d733f'
${ noResults }
linux-formula/linux/system/user.sls

104 lines
2.3KB
Raw Blame History 

  1. {%- from "linux/map.jinja" import system with context %}

  2. {%- if system.enabled %}

  3. 

  4. include:

  5.   - linux.system.group

  6. 

  7. {%- for name, user in system.user.items() %}

  8. 

  9. {%- if user.enabled %}

  10. 

  11. {%- set requires = [] %}

  12. {%- for group in user.get('groups', []) %}

  13.   {%- if group in system.get('group', {}).keys() %}

  14.     {%- do requires.append({'group': 'system_group_'+group}) %}

  15.   {%- endif %}

  16. {%- endfor %}

  17. 

  18. {%- if user.gid is not defined %}

  19. system_group_{{ name }}:

  20.   group.present:

  21.   - name: {{ name }}

  22.   - require_in:

  23.     - user: system_user_{{ name }}

  24. {%- endif %}

  25. 

  26. system_user_{{ name }}:

  27.   user.present:

  28.   - name: {{ name }}

  29.   - home: {{ user.home }}

  30.   {% if user.get('password') == False %}

  31.   - enforce_password: false

  32.   {% elif user.get('password') == None %}

  33.   - enforce_password: true

  34.   - password: '*'

  35.   {% elif user.get('password') %}

  36.   - enforce_password: true

  37.   - password: {{ user.password }}

  38.   - hash_password: {{ user.get('hash_password', False) }}

  39.   {% endif %}

  40.   - gid_from_name: true

  41.   {%- if user.groups is defined %}

  42.   - groups: {{ user.groups }}

  43.   {%- endif %}

  44.   {%- if user.system is defined and user.system %}

  45.   - system: True

  46.   - shell: {{ user.get('shell', '/bin/false') }}

  47.   {%- else %}

  48.   - shell: {{ user.get('shell', '/bin/bash') }}

  49.   {%- endif %}

  50.   {%- if user.uid is defined and user.uid %}

  51.   - uid: {{ user.uid }}

  52.   {%- endif %}

  53.   - require: {{ requires|yaml }}

  54. 

  55. system_user_home_{{ user.home }}:

  56.   file.directory:

  57.   - name: {{ user.home }}

  58.   - user: {{ name }}

  59.   - mode: {{ user.get('home_dir_mode', 700) }}

  60.   - makedirs: true

  61.   - require:

  62.     - user: system_user_{{ name }}

  63. 

  64. {%- if user.get('sudo', False) %}

  65. 

  66. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:

  67.   file.managed:

  68.   - source: salt://linux/files/sudoer

  69.   - template: jinja

  70.   - user: root

  71.   - group: root

  72.   - mode: 440

  73.   - defaults:

  74.     user_name: {{ name }}

  75.   - require:

  76.     - user: system_user_{{ name }}

  77.   - check_cmd: /usr/sbin/visudo -c -f

  78. 

  79. {%- else %}

  80. 

  81. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:

  82.   file.absent

  83. 

  84. {%- endif %}

  85. 

  86. {%- else %}

  87. 

  88. system_user_{{ name }}:

  89.   user.absent:

  90.   - name: {{ name }}

  91. 

  92. system_user_home_{{ user.home }}:

  93.   file.absent:

  94.   - name: {{ user.home }}

  95. 

  96. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:

  97.   file.absent

  98. 

  99. {%- endif %}

  100. 

  101. {%- endfor %}

  102. 

  103. {%- endif %}