From 72ef35fdfa38bc0d930c5ab64bc8e101953fdc7d Mon Sep 17 00:00:00 2001 From: Jerzy Drozdz Date: Mon, 7 Aug 2017 00:14:53 +0200 Subject: [PATCH 1/2] Added sudoonly switch. Usage implies setting sudouser to True --- users/init.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/users/init.sls b/users/init.sls index 0f3cd70..488e533 100644 --- a/users/init.sls +++ b/users/init.sls @@ -9,6 +9,9 @@ {%- if user == None -%} {%- set user = {} -%} {%- endif -%} +{%- if 'sudoonly' in user and user['sudoonly'] %} +{%- set _dummy=user.update({'sudouser': True}) %} +{%- endif %} {%- if 'sudouser' in user and user['sudouser'] %} {%- do used_sudo.append(1) %} {%- endif %} @@ -47,6 +50,7 @@ include: {%- set user_group = name -%} {%- endif %} +{%- if not ( 'sudoonly' in user and user['sudoonly'] ) %} {% for group in user.get('groups', []) %} users_{{ name }}_{{ group }}_group: group.present: @@ -353,6 +357,7 @@ users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}: - name: {{ host }} {% endfor %} {% endif %} +{% endif %} {% set sudoers_d_filename = name|replace('.','_') %} {% if 'sudouser' in user and user['sudouser'] %} From ad2ddd0265c9e087f7f397e64dff854791ca11f2 Mon Sep 17 00:00:00 2001 From: Jerzy Drozdz Date: Thu, 14 Jun 2018 20:12:13 +0200 Subject: [PATCH 2/2] Added short docs for options --- pillar.example | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pillar.example b/pillar.example index df81335..262ed33 100644 --- a/pillar.example +++ b/pillar.example @@ -29,6 +29,9 @@ users: manage_bashrc: False manage_profile: False expire: 16426 + # Disables user management except sudo rules. + # Useful for setting sudo rules for system accounts created by package instalation + sudoonly: False sudouser: True # sudo_rules doesn't need the username as a prefix for the rule # this is added automatically by the formula. @@ -121,6 +124,8 @@ users: 33333333 44444444 55555555 + # unique: True allows user to have non unique uid + unique: False uid: 1001 user_files:
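Review bot: A truthy `sudoonly` overwrites an explicit `sudouser: False` in the same pillar entry through the added `{%- set _dummy=user.update({'sudouser': True}) %}` in the `@@ -9,6 +9,9 @@` hunk, and nothing in the template says so. Because this flag decides whether the account gets a sudoers entry, I would put a comment above it, for example `{#- sudoonly implies sudouser; an explicit sudouser: False is overridden -#}`. The `_dummy` binding exists only for its side effect, and the context line `{%- do used_sudo.append(1) %}` shows the `do` extension is already in use, so `{%- do user.update({'sudouser': True}) %}` would match the rest of the file. The enclosing loop starts and ends outside the hunk.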
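Review bot: The `{%- if not ( 'sudoonly' in user and user['sudoonly'] ) %}` opened in the `@@ -47,6 +50,7 @@` hunk is closed only by the bare `{% endif %}` added in the `@@ -353,6 +357,7 @@` hunk, about three hundred lines later, and neither end is labelled. I would mark the closing tag, for example `{% endif %}{# end: not sudoonly #}`, and shorten the test to `{%- if not user.get('sudoonly') %}`. The guarded region lies almost entirely outside both hunks, so I cannot see every state it skips. If it includes the user state itself, the sudoers states after it are rendered for a name the formula never confirms exists, and such an entry would become live for any account later created under that name. It is worth confirming that none of the later sudo states requires the skipped user state.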
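Review bot: The added comment `# unique: True allows user to have non unique uid` in the `@@ -121,6 +124,8 @@` hunk of pillar.example reads inverted. As far as I know, Salt's `user.present` treats `unique: True` as requiring a unique UID, and it is `False` that permits sharing one. The example then sets `unique: False` next to `uid: 1001`, so anyone copying it as-is would allow this account to share a UID with another, which blurs file ownership and audit attribution. Assuming the formula passes the value straight through to `user.present`, I would reword the comment to `# unique: False allows the user to share a uid with another account` and show `unique: True` in the example.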