From cf122d1bd6f86a419bc7f4db692ef2c310e09d08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= Date: Wed, 22 Jun 2016 12:08:39 +0200 Subject: [PATCH 01/12] Create a system usergroup if user is a system user If the user to be created is a system user, it makes no sense to create him a primary group which is not a system group too. --- users/init.sls | 3 +++ 1 file changed, 3 insertions(+) diff --git a/users/init.sls b/users/init.sls index 03c9cf3..444053f 100644 --- a/users/init.sls +++ b/users/init.sls @@ -73,6 +73,9 @@ users_{{ name }}_user: {%- elif 'uid' in user %} - gid: {{ user['uid'] }} {%- endif %} + {% if 'system' in user and user['system'] %} + - system: True + {% endif %} user.present: - name: {{ name }} - home: {{ home }} From 2ac21426af44248f6c58ab2cb77bfff7e8a06df1 Mon Sep 17 00:00:00 2001 From: Tom Duijf Date: Thu, 23 Jun 2016 21:19:17 +0200 Subject: [PATCH 02/12] use already available home variable for user's ssh-key configuration --- users/init.sls | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/users/init.sls b/users/init.sls index 444053f..319e93b 100644 --- a/users/init.sls +++ b/users/init.sls @@ -38,7 +38,8 @@ include: {%- if user == None -%} {%- set user = {} -%} {%- endif -%} -{%- set home = user.get('home', "/home/%s" % name) -%} +{%- set current = salt.user.info(name) -%} +{%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} {%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- set user_group = user.prime_group.name -%} @@ -79,7 +80,7 @@ users_{{ name }}_user: user.present: - name: {{ name }} - home: {{ home }} - - shell: {{ user.get('shell', users.get('shell', '/bin/bash')) }} + - shell: {{ user.get('shell', current.get('shell', users.get('shell', '/bin/bash'))) }} {% if 'uid' in user -%} - uid: {{ user['uid'] }} {% endif -%} 
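Review bot: The new `{% if 'system' in user and user['system'] %}` / `{% endif %}` pair in the group section uses plain tags where the neighbouring `{%- elif %}` and `{%- endif %}` lines strip whitespace, so the rendered YAML gains blank lines inside the argument list; the parser tolerates it, but it is inconsistent with the rest of the state. `{%- if user.get('system') %}` expresses the same test more directly and keeps the layout. A short comment would also capture the reasoning the commit message gives: `{#- a system user gets a system primary group so its GID is allocated from the system range #}`.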
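Review bot: Seeding `home` (the @@ -38 hunk) and `shell` (the @@ -79 hunk) from `salt.user.info(name)` changes what this state enforces for accounts that already exist: the minion's current passwd entry now wins over the formula default, so a home or shell changed locally is no longer reverted and the state stops reporting that drift. If that is the intent, say so next to the lookup, e.g. `{#- existing accounts keep their current home/shell; explicit pillar values still override #}`; if the pillar/formula defaults are meant to stay authoritative, the old fallbacks should remain. `salt.user.info` returns an empty dict for a missing user, so new accounts still get the defaults; but if the passwd entry carries an empty home field, `current.get('home', ...)` returns that empty string and `{{ home }}/.ssh` would resolve to `/.ssh`, so `current.get('home') or "/home/%s" % name` is the safer form.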
@@ -149,7 +150,7 @@ users_{{ name }}_user: 'ssh_config' in user %} user_keydir_{{ name }}: file.directory: - - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh + - name: {{ home }}/.ssh - user: {{ name }} - group: {{ user_group }} - makedirs: True @@ -166,8 +167,7 @@ user_keydir_{{ name }}: {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} users_user_{{ name }}_private_key: file.managed: - - name: {{ user.get('home', - '/home/{0}'.format(name)) }}/.ssh/{{ key_type }} + - name: {{ home }}/.ssh/{{ key_type }} - user: {{ name }} - group: {{ user_group }} - mode: 600 @@ -180,8 +180,7 @@ users_user_{{ name }}_private_key: {% endfor %} users_user_{{ name }}_public_key: file.managed: - - name: {{ user.get('home', - '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub + - name: {{ home }}/.ssh/{{ key_type }}.pub - user: {{ name }} - group: {{ user_group }} - mode: 644 @@ -230,8 +229,7 @@ users_ssh_auth_{{ name }}_{{ loop.index0 }}: {% for key_name, pillar_name in user['ssh_keys_pillar'].items() %} user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key: file.managed: - - name: {{ user.get('home', - '/home/{0}'.format(name)) }}/.ssh/{{ key_name }} + - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} - mode: 600 @@ -244,8 +242,7 @@ user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key: {% endfor %} user_ssh_keys_files_{{ name }}_{{ key_name }}_public_key: file.managed: - - name: {{ user.get('home', - '/home/{0}'.format(name)) }}/.ssh/{{ key_name }}.pub + - name: {{ home }}/.ssh/{{ key_name }}.pub - user: {{ name }} - group: {{ user_group }} - mode: 644 From 5cd73534add249db0898533381a627b3235734ec Mon Sep 17 00:00:00 2001 From: Tom Duijf Date: Thu, 23 Jun 2016 21:43:01 +0200 Subject: [PATCH 03/12] Updated remaining files to retain home dir existing user --- users/bashrc.sls | 3 ++- users/profile.sls | 3 ++- users/user_files.sls | 3 ++- users/vimrc.sls | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) 
diff --git a/users/bashrc.sls b/users/bashrc.sls index fc268f4..4d4ca4d 100644 --- a/users/bashrc.sls +++ b/users/bashrc.sls @@ -3,10 +3,11 @@ include: - users {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} +{%- set current = salt.user.info(name) -%} {%- if user == None -%} {%- set user = {} -%} {%- endif -%} -{%- set home = user.get('home', "/home/%s" % name) -%} +{%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} {%- set manage = user.get('manage_bashrc', False) -%} {%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- set user_group = user.prime_group.name -%} diff --git a/users/profile.sls b/users/profile.sls index b62c096..55ac8e2 100644 --- a/users/profile.sls +++ b/users/profile.sls @@ -3,10 +3,11 @@ include: - users {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} +{%- set current = salt.user.info(name) -%} {%- if user == None -%} {%- set user = {} -%} {%- endif -%} -{%- set home = user.get('home', "/home/%s" % name) -%} +{%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} {%- set manage = user.get('manage_profile', False) -%} {%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- set user_group = user.prime_group.name -%} diff --git a/users/user_files.sls b/users/user_files.sls index 95c1281..461628b 100644 --- a/users/user_files.sls +++ b/users/user_files.sls 
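Review bot: In bashrc.sls and profile.sls (and vimrc.sls in the next file section) the new `{%- set current = salt.user.info(name) -%}` line sits before the `{%- if user == None -%}` normalisation, whereas init.sls places it after that block; neither order is wrong, but aligning them keeps the four files diffable against each other. These states also now write their managed files into whatever home the minion's passwd entry reports for an existing user rather than the formula default, which is a behaviour change worth a comment at the lookup, e.g. `{#- existing accounts keep their current home; pillar 'home' still overrides #}`.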
@@ -5,9 +5,10 @@ include: {% set userfile_dirs = salt['cp.list_master_dirs'](prefix='users/files/user/') -%} {%- for username, user in salt['pillar.get']('users', {}).items() if (user.absent is not defined or not user.absent) -%} +{%- set current = salt.user.info(username) -%} {%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%} {%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%} -{%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), '/home/' ~ username ) -%} +{%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%} {%- if user_files.enabled -%} {%- if user_files.source is defined -%} diff --git a/users/vimrc.sls b/users/vimrc.sls index e678bb6..5404738 100644 --- a/users/vimrc.sls +++ b/users/vimrc.sls @@ -4,10 +4,11 @@ include: - vim {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %} +{%- set current = salt.user.info(name) -%} {%- if user == None -%} {%- set user = {} -%} {%- endif -%} -{%- set home = user.get('home', "/home/%s" % name) -%} +{%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%} {%- set manage = user.get('manage_vimrc', False) -%} {%- if 'prime_group' in user and 'name' in user['prime_group'] %} {%- set user_group = user.prime_group.name -%} From 8aa062c08e013dfa2fa627c232cf77d352de3460 Mon Sep 17 00:00:00 2001 From: adnanJP Date: Fri, 1 Jul 2016 08:20:20 +0200 Subject: [PATCH 04/12] Properly handle dependencies on ssh_auth when home is not create with the formula. --- users/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index 444053f..deee86d 100644 --- a/users/init.sls +++ b/users/init.sls 
@@ -221,7 +221,7 @@ users_ssh_auth_{{ name }}_{{ loop.index0 }}: - user: {{ name }} - name: {{ auth }} - require: - - file: users_{{ name }}_user + - file: user_keydir_{{ name }} - user: users_{{ name }}_user {% endfor %} {% endif %} From 984317fca1b9781f59b7885af56007be035c66eb Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Wed, 30 Dec 2015 03:27:51 +0000 Subject: [PATCH 05/12] Use contents_pillar to work with multiple-line authorized_keys file --- users/init.sls | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/users/init.sls b/users/init.sls index deee86d..87b0ce8 100644 --- a/users/init.sls +++ b/users/init.sls @@ -207,9 +207,8 @@ users_authorized_keys_{{ name }}: {{ auth }} {% endfor -%} {% else %} - - contents: | - {%- for key_name, pillar_name in user['ssh_auth_pillar'].iteritems() %} - {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }} + {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %} + - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey {%- endfor %} {% endif %} {% endif %} From 4b840e646c4854fb05f5b40cd900ebce2578abbb Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Thu, 31 Dec 2015 08:23:00 +0000 Subject: [PATCH 06/12] Add missing keys in pillar.example (found in init.sls) --- pillar.example | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pillar.example b/pillar.example index e88ee3d..23c99aa 100644 --- a/pillar.example +++ b/pillar.example @@ -11,7 +11,9 @@ users: # WARNING: If 'empty_password' is set to True, the 'password' statement # will be ignored by enabling password-less login for the user. empty_password: False + system: False home: /custom/buser + user_dir_mode: 750 createhome: True roomnumber: "A-1" workphone: "(555) 555-5555" @@ -34,6 +36,7 @@ users: sudo_defaults: - '!requiretty' shell: /bin/bash + remove_groups: False prime_group: name: primarygroup gid: 500 From b94514529dad9edeefe2032740d7632b48c75579 Mon Sep 17 00:00:00 2001 
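Review bot: The `require` now points at `user_keydir_{{ name }}`, which is rendered only when the guard around that state holds (the visible tail of that condition in an earlier patch is `... 'ssh_config' in user`); if the guard does not also include `ssh_auth`, a user with `ssh_auth` but none of the other key settings references a state id that does not exist and the run fails. Worth confirming the guard covers `ssh_auth`, since its start is outside this hunk. Depending on the directory state is the right choice here: ssh_auth writes `~/.ssh/authorized_keys` and needs the directory to exist with the user's ownership first.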
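Review bot: The loop now emits one `- contents_pillar:` entry per key inside a single file.managed argument list, so with more than one `ssh_auth_pillar` entry at most one value can take effect (a repeated argument keeps a single value, or the renderer may reject the duplicate) and authorized_keys silently ends up with fewer keys than pillar specifies. `contents_pillar` accepts a list of pillar paths in later Salt releases (confirm against the version you target), so collect the keys into one list instead; the `{% if %}` that opens this state starts before the hunk.
```yaml
    {% else %}
    - contents_pillar:
    {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}
      - {{ pillar_name }}:{{ key_name }}:pubkey
    {%- endfor %}
    {% endif %}
```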
From: Imran Iqbal Date: Wed, 30 Dec 2015 03:31:57 +0000 Subject: [PATCH 07/12] Display "managed by Salt" header in user sudoers files --- users/init.sls | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/users/init.sls b/users/init.sls index 87b0ce8..8f22374 100644 --- a/users/init.sls +++ b/users/init.sls @@ -384,6 +384,11 @@ users_{{ users.sudoers_dir }}/{{ name }}: {%- endfor %} {%- endif %} {%- if 'sudo_rules' in user %} + ######################################################################## + # File managed by Salt (users-formula). + # Your changes will be overwritten. + ######################################################################## + # {%- for rule in user['sudo_rules'] %} {{ name }} {{ rule }} {%- endfor %} @@ -391,10 +396,10 @@ users_{{ users.sudoers_dir }}/{{ name }}: - require: - file: users_sudoer-defaults - file: users_sudoer-{{ name }} - cmd.wait: + cmd.wait: - name: visudo -cf {{ users.sudoers_dir }}/{{ name }} || ( rm -rvf {{ users.sudoers_dir }}/{{ name }}; exit 1 ) - - watch: - - file: {{ users.sudoers_dir }}/{{ name }} + - watch: + - file: {{ users.sudoers_dir }}/{{ name }} {% endif %} {% else %} users_{{ users.sudoers_dir }}/{{ name }}: From 83ab48c316da54009470f529686b4af46c4c9bb7 Mon Sep 17 00:00:00 2001 From: Skyper Date: Thu, 28 Jul 2016 18:53:32 +0200 Subject: [PATCH 08/12] Fix typos in README.rst --- README.rst | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.rst b/README.rst index 4d784d7..543a712 100644 --- a/README.rst +++ b/README.rst @@ -19,7 +19,7 @@ Available states ``users`` --------- -Configure a user's home directory, group, the user itself, secondary groups, +Configures a user's home directory, group, the user itself, secondary groups, and associated keys. Also configures sudo access, and absent users. ``users.sudo`` 
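Review bot: The "managed by Salt" header is emitted only inside `{%- if 'sudo_rules' in user %}`, after the `sudo_defaults` loop that precedes it, so a user with both keys gets the banner in the middle of the generated sudoers file and a user with only `sudo_defaults` gets none. Move the header lines (and the trailing bare `#`) to the top of the `- contents: |` block, before `{%- if 'sudo_defaults' in user %}`, so every generated file starts with it; the start of that contents block is outside the hunk. The re-indented `cmd.wait` in the second hunk keeps the `visudo -cf ... || ( rm ...; exit 1 )` check, which is what stops a malformed rule from breaking sudo, and deserves a comment: `# reject the file if visudo cannot parse it, so a bad rule never breaks sudo`.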
@@ -31,21 +31,21 @@ is configured. ``users.bashrc`` ---------------- -Ensures the bashrc file exists in the users home directory. Set manage_bashrc: -True in pillar per user. Defaults to False +Ensures the bashrc file exists in the users home directory. Sets 'manage_bashrc: +True' in pillar per user. Defaults to False. ``users.profile`` ---------------- -Ensures the profile file exists in the users home directory. Set manage_profile: -True in pillar per user. Defaults to False +Ensures the profile file exists in the users home directory. Sets 'manage_profile: +True' in pillar per user. Defaults to False. ``users.vimrc`` --------------- -Ensures the vimrc file exists in the users home directory. Set manage_vimrc: -True in pillar per user. Defaults to False -This depends on the vim-formula to be installed +Ensures the vimrc file exists in the users home directory. Sets 'manage_vimrc: +True' in pillar per user. Defaults to False. +This depends on the vim-formula to be installed. ``users.user_files`` --------------- From 5538eb18ab75b8e348c24c6cbc4d3b5757db0147 Mon Sep 17 00:00:00 2001 From: jraby Date: Fri, 5 Aug 2016 14:05:12 -0400 Subject: [PATCH 09/12] Support for optional_groups --- users/init.sls | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/init.sls b/users/init.sls index 8e917ea..69e513d 100644 --- a/users/init.sls +++ b/users/init.sls @@ -135,6 +135,12 @@ users_{{ name }}_user: {% for group in user.get('groups', []) -%} - {{ group }} {% endfor %} + {% if 'optional_groups' in user %} + - optional_groups: + {% for optional_group in user['optional_groups'] -%} + - {{optional_group}} + {% endfor %} + {% endif %} - require: - group: {{ user_group }} {% for group in user.get('groups', []) -%} From 8aa174782ad447e7d5a1324d5b2afd91102a4735 Mon Sep 17 00:00:00 2001 From: jraby Date: Fri, 5 Aug 2016 15:04:53 -0400 Subject: [PATCH 10/12] Add example pillar data for optional_groups --- pillar.example | 3 +++ 1 file changed, 3 insertions(+) 
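Review bot: The new `- {{optional_group}}` line drops the spaces inside the braces that the surrounding `{{ group }}` lines use; `- {{ optional_group }}` keeps the style uniform. Leaving `optional_groups` out of the `require` list that follows is correct, because those groups may not exist on every minion and requiring them would fail the user state; a one-line comment would keep a later reader from "fixing" it: `{# optional_groups are deliberately not required: they may be absent on this minion #}`.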
diff --git a/pillar.example b/pillar.example index 23c99aa..220badc 100644 --- a/pillar.example +++ b/pillar.example @@ -42,6 +42,9 @@ users: gid: 500 groups: - users + optional_groups: + - some_groups_that_might + - not_exist_on_all_minions ssh_key_type: rsa # You can inline the private keys ... ssh_keys: From 57fce16643b46ce64ed2e56c0eaae086ebe06f52 Mon Sep 17 00:00:00 2001 From: Eric Veiras Galisson Date: Wed, 10 Aug 2016 10:32:46 +0200 Subject: [PATCH 11/12] fixing removing of users based on pillar['absent_users'], fix #126 --- users/init.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index 69e513d..5949caf 100644 --- a/users/init.sls +++ b/users/init.sls @@ -476,7 +476,8 @@ users_{{ users.sudoers_dir }}/{{ name }}: {% for user in pillar.get('absent_users', []) %} users_absent_user_2_{{ user }}: - user.absent + user.absent: + - name: {{ name }} users_2_{{ users.sudoers_dir }}/{{ user }}: file.absent: - name: {{ users.sudoers_dir }}/{{ user }} From 15ce6493cc1b56a3cbf38b361860206f2698af55 Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Tue, 30 Aug 2016 17:20:18 +0200 Subject: [PATCH 12/12] fix warning on managed file state for /etc/sudoers.d/username --- users/init.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/users/init.sls b/users/init.sls index 5949caf..b8dbf9a 100644 --- a/users/init.sls +++ b/users/init.sls @@ -341,6 +341,7 @@ users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}: users_sudoer-{{ name }}: file.managed: + - replace: False - name: {{ users.sudoers_dir }}/{{ name }} - user: root - group: {{ users.root_group }} @@ -379,6 +380,7 @@ users_sudoer-{{ name }}: users_{{ users.sudoers_dir }}/{{ name }}: file.managed: + - replace: True - name: {{ users.sudoers_dir }}/{{ name }} - contents: | {%- if 'sudo_defaults' in user %}
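Review bot: `- name: {{ name }}` in `users_absent_user_2_{{ user }}` refers to the wrong variable: the loop variable here is `user`, and `name` is either undefined or left over from the earlier per-user loop, so the state renders an empty name or removes the last account that loop processed instead of the absent one. The sibling state `users_2_{{ users.sudoers_dir }}/{{ user }}` two lines below correctly uses `{{ user }}`; change the line to `- name: {{ user }}`. Removing the wrong account is an access-control failure as well as a correctness bug, so this needs fixing before merge.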
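Review bot: With `replace: False`, `users_sudoer-{{ name }}` now only guarantees that the file exists with the given ownership and leaves any existing contents alone, relying on `users_{{ users.sudoers_dir }}/{{ name }}` (same path) to write the actual rules; that two-state arrangement is not obvious and deserves a comment on the first state, e.g. `# placeholder only: contents are written by users_{{ users.sudoers_dir }}/{{ name }} below`. `replace: True` in the second hunk is file.managed's default, so it is redundant, though keeping it as explicit documentation is fine. Both state bodies continue outside the hunks.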