Commit 169562c7 authored by Christopher Huhn

A bit of beautification and more documentation

parent d4d38e22
# `sys::accounts`
Create user accounts.
`attributes/accounts.rb`
`recipes/accounts.rb`
`tests/roles/sys_accounts_test.rb`
**Attributes**
## Standard user ressource attributes
All attributes in `node.sys.accounts`, where each key is a user
name with a configuration value. It wraps the `user` resources,
thus supports all of its options.
Attributes are set beneath `node['sys']['accounts'][_username_]`.
It wraps the `user` resources, thus supports all of its options.
**Example**
### Example
:sys => {
:accounts => {
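Review bot: The new heading "## Standard user ressource attributes" misspells "resource". In the rewritten paragraph, "It wraps the `user` resources" now follows a sentence about where attributes are set, so "It" has no clear subject; naming the recipe explicitly (for example "`sys::accounts` wraps the `user` resource") would read better.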
......@@ -27,10 +28,44 @@ thus supports all of its options.
:uhura => {
:home => '/home/uhura',
:password => '$6$M4oxTop4k/2kd1nmrsiZdFfzKr1Q/',
:supports => {
:manage_home => true
}
:manage_home => true
}
}
}
## Non-standard attributes
`sys::accounts` supports additional attributes:
### Remote access
`node['sys'}['accounts'][_username_]['remote']` will add a rule
to `/etc/security/access.conf` cf. `recipes/pam.rb`, eg:
sys: {
accounts: {
picard: {
remote: 'ALL'
}
riker: {
remote: 'ncc.1701.de'
}
}
}
### sudo permissions
`node['sys'}['accounts'][_username_]['sudo']` will add a rule
to `/etc/sudoers.d/localadmin` cf. `recipes/sudo.rb`, eg:
sys: {
accounts: {
q: {
sudo: 'NOPASSWD: ALL'
}
picard: {
sudo: '/sbin/shutdown'
}
}
}
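Review bot: Both new attribute paths, `node['sys'}['accounts'][_username_]['remote']` and the matching `['sudo']` one, have a `}` where `]` is meant, so they cannot be copied as written. The two examples also lack a comma between sibling entries (`picard`/`riker` and `q`/`picard`), so they are not valid Ruby hashes as shown. Since these values end up in `/etc/security/access.conf` and `/etc/sudoers.d/localadmin`, it would help to state the expected format of each value (an origin list for `remote`, a sudoers command specification for `sudo`) next to the examples.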
......@@ -143,6 +143,7 @@ unless (node['sys']['accounts'].empty? and node['sys']['groups'].empty?)
end
end
# add sudo rules from the sudo attribute:
if account.has_key?('sudo')
rule = "#{name} #{node['fqdn']} = #{account['sudo']}"
if node['sys']['sudo'].has_key?('localadmin')
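Review bot: The new comment on the sudo block could also say that `account['sudo']` is copied verbatim into the rule built by `rule = "#{name} #{node['fqdn']} = #{account['sudo']}"`. Nothing in the visible lines checks the value, so a string with an embedded line break would pass straight into the rule; consider rejecting such values before building it. Style: this block tests `account.has_key?('sudo')` while the pam_access block uses `key?`; since this is a beautification commit, pick one form.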
......@@ -154,13 +155,14 @@ unless (node['sys']['accounts'].empty? and node['sys']['groups'].empty?)
end
end
# add pam_access rules from the remote attribute:
if account.key?('remote')
if node['sys']['pam'].key?('access')
node.default['sys']['pam']['access'] <<
"+:#{name}:#{account['remote']} LOCAL"
"+ : #{name} : #{account['remote']} LOCAL"
else
node.default['sys']['pam']['access'] = [
"+:#{name}:#{account['remote']} LOCAL"
"+ : #{name} : #{account['remote']} LOCAL"
]
end
log "Configuring remote access rules for #{name}" do
......
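Review bot: The reformatted rule string `"+ : #{name} : #{account['remote']} LOCAL"` is written out twice, once in each branch of the `if node['sys']['pam'].key?('access')` test, so the two copies can drift apart on the next edit. Build it once in a local variable, as the sudo block does with `rule`, and append or assign that. As with the sudo attribute, `account['remote']` goes into the access rule unchecked; a check that it contains no `:` or line break would keep the field layout of the rule intact.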