SSH key pairs deployed via the user's ssh_keys_pillar dict aren't
handled the same as the user's ssh_keys, e.g., file ownership and
permissions aren't specified, and the keying material gets copied
directly into the SLS file. This change rewrites the two templated
file.managed states to behave as follows:
- set the files' owner to be the user
- set the files' group to be the user's primary group
- for the public key, set the mode to 644 (u=rw,go=r)
- for the private key, set the mode to 600 (u=rw,g=)
- pull the files' contents directly from pillar
This will ensure that a given vimrc file in a users home dir is managed
Default it will search for a vimrc in salt://users/files/vimrc/{{ username
}}/vimrc
If this isn't found it will install salt://users/files/vimrc/vimrc
This will ensure a given bashrc file in a users home dir.
Default it will search for a bashrc in salt://users/files/bashrc/{{ username }}/bashrc
If no file is found it will install the default from
salt://users/files/bashrc/bashrc
https://github.com/saltstack/salt/issues/2142
This has been causing issues for many people, as the remove_groups options is undocumented. In the 2014.7 release this is changing, and remove_groups will default to false:
https://github.com/saltstack/salt/issues/13276
I'm going with false by default, as it's our use case and it will soon be the default. If people believe this module should default to true and remove groups not listed, I think that's open for discussion, but we should at least add the option.
This also made it necessary to introduce an additional entry 'shell' into the
users lookup table as the formula previously conflated the shell used for
running the visudo command and the default shell to be used for user accounts.
Fixes: #48