From 984317fca1b9781f59b7885af56007be035c66eb Mon Sep 17 00:00:00 2001
From: Imran Iqbal
Date: Wed, 30 Dec 2015 03:27:51 +0000
Subject: [PATCH 1/3] Use contents_pillar to work with multiple-line authorized_keys file
---
 users/init.sls | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/users/init.sls b/users/init.sls
index deee86d..87b0ce8 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -207,9 +207,8 @@ users_authorized_keys_{{ name }}:
 {{ auth }}
 {% endfor -%}
 {% else %}
- - contents: |
- {%- for key_name, pillar_name in user['ssh_auth_pillar'].iteritems() %}
- {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }}
+ {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}
+ - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey
 {%- endfor %}
 {% endif %}
 {% endif %}
From 4b840e646c4854fb05f5b40cd900ebce2578abbb Mon Sep 17 00:00:00 2001
From: Imran Iqbal
Date: Thu, 31 Dec 2015 08:23:00 +0000
Subject: [PATCH 2/3] Add missing keys in pillar.example (found in init.sls)
---
 pillar.example | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pillar.example b/pillar.example
index e88ee3d..23c99aa 100644
--- a/pillar.example
+++ b/pillar.example
@@ -11,7 +11,9 @@ users:
 # WARNING: If 'empty_password' is set to True, the 'password' statement
 # will be ignored by enabling password-less login for the user.
 empty_password: False
+ system: False
 home: /custom/buser
+ user_dir_mode: 750
 createhome: True
 roomnumber: "A-1"
 workphone: "(555) 555-5555"
@@ -34,6 +36,7 @@ users:
 sudo_defaults:
 - '!requiretty'
 shell: /bin/bash
+ remove_groups: False
 prime_group:
 name: primarygroup
 gid: 500
From b94514529dad9edeefe2032740d7632b48c75579 Mon Sep 17 00:00:00 2001
From: Imran Iqbal
Date: Wed, 30 Dec 2015 03:31:57 +0000
Subject: [PATCH 3/3] Display "managed by Salt" header in user sudoers files
---
 users/init.sls | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
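Review bot: Emitting `- contents_pillar:` inside the `for` loop yields one such argument per entry of `user['ssh_auth_pillar']`, and a managed file takes a single `contents_pillar` value, so with more than one entry the rendered state most likely keeps only one key (or fails to compile) instead of writing all of them as the removed `contents: |` loop did. Because this file decides who can log in, a silently dropped key should not depend on dictionary order; either document that `ssh_auth_pillar` must hold exactly one entry whose `pubkey` value carries every key, or keep a `contents` block and solve the multi-line case there with Jinja's indent filter, e.g. `{{ salt['pillar.get'](pillar_name ~ ':' ~ key_name ~ ':pubkey', '') | indent(8) }}` with the width matched to the block's real indentation. The enclosing `users_authorized_keys_{{ name }}` state begins above the hunk, so its other arguments are not visible here.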
diff --git a/users/init.sls b/users/init.sls
index 87b0ce8..8f22374 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -384,6 +384,11 @@ users_{{ users.sudoers_dir }}/{{ name }}:
 {%- endfor %}
 {%- endif %}
 {%- if 'sudo_rules' in user %}
+ ########################################################################
+ # File managed by Salt (users-formula).
+ # Your changes will be overwritten.
+ ########################################################################
+ #
 {%- for rule in user['sudo_rules'] %}
 {{ name }} {{ rule }}
 {%- endfor %}
@@ -391,10 +396,10 @@ users_{{ users.sudoers_dir }}/{{ name }}:
 - require:
 - file: users_sudoer-defaults
 - file: users_sudoer-{{ name }}
- cmd.wait:
+ cmd.wait:
 - name: visudo -cf {{ users.sudoers_dir }}/{{ name }} || ( rm -rvf {{ users.sudoers_dir }}/{{ name }}; exit 1 )
- - watch:
- - file: {{ users.sudoers_dir }}/{{ name }}
+ - watch:
+ - file: {{ users.sudoers_dir }}/{{ name }}
 {% endif %}
 {% else %}
 users_{{ users.sudoers_dir }}/{{ name }}:
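Review bot: The "managed by Salt" banner in the first hunk sits inside `{%- if 'sudo_rules' in user %}`, so a sudoers file rendered for a user without `sudo_rules` carries no banner at all, and whatever the preceding `{%- endfor %}`/`{%- endif %}` block emits (presumably the per-user defaults lines, which start above the hunk) is written ahead of it. Moving the five comment lines to the top of the file contents, before the first conditional, would put the warning on the first line of every managed sudoers file. The state body begins outside the hunk, so the exact position of the `contents` key has to be confirmed there.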