Thibault Cohen
3df9d8ae21
Add missing ssh_config test to create .ssh folder
2015-08-04 01:08:28 -04:00
puneet kandhari
ba11c68c24
Revert "@XenophonF made me do it"
...
This reverts commit a0392693e3
.
2015-07-27 12:50:49 -05:00
puneet kandhari
a0392693e3
@XenophonF made me do it
2015-07-27 12:45:56 -05:00
Matthew X. Economou
c201269d1d
Do not escape value of enforce_password
...
Fixes #82 .
2015-07-27 11:13:11 -04:00
puneet kandhari
0e72cc20b9
Merge pull request #77 from irtnog/add-managed-file-permissions-to-ssh_keys_pillar-states
...
Rework ssh_keys_pillar-related states
2015-07-25 15:32:33 -05:00
Seth Miller
7dca1ebfd2
Adding support for the enforce_password option.
...
This will allow users change their passwords after the initial setting in Salt.
2015-07-17 10:18:38 -05:00
Cole Kowalski
7dda5571db
the user's .ssh directory should be created if ssh_auth_file is supplied
2015-07-16 15:23:43 -04:00
Matthew X. Economou
2f4c088e5d
Rework ssh_keys_pillar-related states
...
SSH key pairs deployed via the user's ssh_keys_pillar dict aren't
handled the same as the user's ssh_keys, e.g., file ownership and
permissions aren't specified, and the keying material gets copied
directly into the SLS file. This change rewrites the two templated
file.managed states to behave as follows:
- set the files' owner to be the user
- set the files' group to be the user's primary group
- for the public key, set the mode to 644 (u=rw,go=r)
- for the private key, set the mode to 600 (u=rw,g=)
- pull the files' contents directly from pillar
2015-07-13 15:22:45 -04:00
René Jochum
a1d6591447
Fix users/init.sls.
...
Signed-off-by: René Jochum <rene@jochums.at>
2015-07-13 13:51:02 +02:00
René Jochum
2c4ed3edc9
Merge branch 'master' of github.com:pcdummy/saltstack-users-formula
...
Signed-off-by: René Jochum <rene@jochums.at>
Conflicts:
pillar.example
users/init.sls
2015-07-13 13:27:27 +02:00
René Jochum
00cc889683
Fix some smaller bugs.
...
Signed-off-by: René Jochum <rene@jochums.at>
2015-07-11 10:35:15 +02:00
Bohdan Kmit
d0bbbda8aa
readd 2fa pam enforcement
2015-07-01 19:15:31 +03:00
Bohdan Kmit
a467d2a80f
fix permission of GA config file
2015-07-01 18:39:53 +03:00
Niels Abspoel
622b846d7f
Enable/disable bashrc/vimrc per user
...
Made both states configurable per user in pillar data
Had to drop extend, for this otherwise the extend would be empty if manage is
False
2015-06-11 23:34:16 +02:00
Niels Abspoel
b4acac9de7
Added vimrc extension to users-formula
...
This will ensure that a given vimrc file in a users home dir is managed
Default it will search for a vimrc in salt://users/files/vimrc/{{ username
}}/vimrc
If this isn't found it will install salt://users/files/vimrc/vimrc
2015-06-10 22:56:57 +02:00
Niels Abspoel
eac091bf66
fix sources to source
2015-06-10 22:03:26 +02:00
Niels Abspoel
29ce431151
Added bashrc extension to users-formula
...
This will ensure a given bashrc file in a users home dir.
Default it will search for a bashrc in salt://users/files/bashrc/{{ username }}/bashrc
If no file is found it will install the default from
salt://users/files/bashrc/bashrc
2015-06-10 21:40:52 +02:00
Sander Klein
3a8d72b947
Add "Do Not Edit" part
2015-05-16 09:56:20 +02:00
Sander Klein
57c82f3324
Add ~/.ssh/config management
...
This adds the ability to manage the ~/.ssh/config file for users.
2015-05-15 21:47:40 +02:00
Florian Bittner
701326e23f
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
2015-05-07 00:07:06 +02:00
Alex Ciobica
031d6ce81f
Add pulling keys from other pillar.
...
Example pillar:
ssh_keys:
id_rsa:
privkey: |
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY
U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy
B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+
GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI
-----END RSA PRIVATE KEY-----
pubkey: |
ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
2015-05-01 18:48:28 +03:00
tiger-seo
1546e2d186
possibility to define user-specific Defaults
2015-04-06 22:34:59 +03:00
Andrew Vant
1f80412da8
Added option to source ssh public keys from files.
2015-04-02 13:01:30 -04:00
root
d416b6d839
Move ssh_auth_file key processing to before ssh_auth key to extend instead of overwrite functionality.
2015-03-13 13:32:39 +01:00
René Jochum
c1b383d78b
Add ability to create system users.
2015-03-12 23:27:31 +01:00
root
fdc2fc2dfc
Add 'ssh_auth_file' pillar key to generate an authorized_keys file from given ssh public keys.
2015-02-12 23:09:56 +01:00
René Jochum
6ca7aa0078
Remove leading whitespaces.
2015-01-23 20:52:14 +01:00
Bohdan Kmit
c3b5b87fb2
google auth example pillar config add; forgotten gauth state file add
2015-01-15 13:28:51 +00:00
Bohdan Kmit
89d6672887
google auth package and config installation
2015-01-14 17:25:17 +00:00
Thomas Juberg
7aa32881b7
Clean up logic check to remove redundant check.
2014-12-31 09:46:03 +01:00
Thomas Juberg
518b06281a
If createhome is set to false, don't touch the home directory or its
...
permissions.
2014-12-22 14:32:41 +01:00
Thomas Juberg
e35045801c
Add support for setting user expire
2014-12-22 14:22:46 +01:00
Tim Jones
add153e060
Allow '!' prefix in password for locked\disabled accounts.
...
Signed-off-by: Tim Jones <me@prototim.com>
2014-12-17 22:57:54 +01:00
Scott Reeves
ea76d0d84f
Remove trailing slash from sudoers_dir
2014-10-24 22:57:44 -04:00
Jason Wolfe
9a71d78d2b
Sorry for the spam, simplify this remove_groups rule a bit
2014-10-14 19:05:50 -07:00
Jason Wolfe
a899ee85ec
Make sure the logic stands after the default in salt is changed
2014-10-14 17:53:12 -07:00
Jason Wolfe
2a464d3dc3
By default, Salt will remove any groups not listed, so a users groups matches exactly the list you pass. This was added here:
...
https://github.com/saltstack/salt/issues/2142
This has been causing issues for many people, as the remove_groups options is undocumented. In the 2014.7 release this is changing, and remove_groups will default to false:
https://github.com/saltstack/salt/issues/13276
I'm going with false by default, as it's our use case and it will soon be the default. If people believe this module should default to true and remove groups not listed, I think that's open for discussion, but we should at least add the option.
2014-10-14 17:22:38 -07:00
Wolodja Wentland
13d7c271f2
Change default shell to /bin/csh on FreeBSD
...
This also made it necessary to introduce an additional entry 'shell' into the
users lookup table as the formula previously conflated the shell used for
running the visudo command and the default shell to be used for user accounts.
Fixes : #48
2014-09-11 16:06:43 +01:00
Alan Pearce
0c3b8ff765
Re-add ability to set shell per-user
2014-09-07 12:30:09 +01:00
Adam Wright
8e1d91b3f1
Add 'createhome' option for 'user.present' state
2014-09-07 13:23:06 +08:00
nike38rus
2cdb73927f
Fix issue with bash binary location in FreeBSD
2014-08-13 17:57:01 +09:00
tiger-seo
fda8708ecd
added option to specify user home directory mode
2014-08-06 19:22:16 +03:00
7oku
4a8393dca9
added option to remove ssh public keys from auth (ssh_auth.absent)
2014-08-03 01:40:27 +02:00
7oku
94d53d5ee7
modified visudo to only report change in salt when there is an error.
2014-08-03 01:06:02 +02:00
Tim Jones
8a07ab1332
Only include users.sudo when a user with sudouser is declared.
2014-07-28 16:48:08 +00:00
Wang Xuerui
6d0baa244a
Add Gentoo support
2014-05-31 19:15:03 +08:00
Wang Xuerui
22c8f7e106
Specify package names of bash and sudo according to grains
2014-05-31 19:14:00 +08:00
root
8417c6c888
Add support FreeBSD using map.jinja (Tested on Freebsd10)
2014-05-30 12:20:13 +09:00
Ash Berlin
d5923d82e6
Specify bash shell when validating sudo snippet
...
Since we are using bash specific features and sometimes you can end up getting /bin/sh - see https://github.com/saltstack-formulas/users-formula/pull/30#issuecomment-44224106
2014-05-27 22:52:41 +01:00
Seth House
2032369f0b
Merge pull request #32 from bsundsrud/sudoer_consistency
...
Overwrite a sudoer file rather than append to fix #21
2014-05-13 11:04:07 -06:00
Benn Sundsrud
e9cc0b29cb
Do not echo Public/Private keys to stdout when running the state
2014-05-13 11:37:38 -05:00
Benn Sundsrud
a8b6207265
Overwrite a sudoer file rather than append to fix #21
2014-05-13 11:36:49 -05:00
Ash Berlin
99d7b92b06
Ensure that we are sudo includes /etc/sudoers.d
...
It doesn't by default everywhere - without this the sudo_rules option won't work
2014-04-28 17:39:45 +01:00
Ash Berlin
192edba9c5
Validate user sudo rules before applying them
2014-04-28 15:52:43 +01:00
Eric Edgar
757e79c9d2
Add Password capabilities
2014-04-24 21:45:04 -05:00
Slawomir Pucia
07aeb2c4f8
New format of user.absent support introduced. Old format still supported.
2014-04-23 14:49:10 +02:00
Johannes
2416374d2b
Fix pubkey privkey typo
...
Fixes #22
2014-03-30 15:00:17 +00:00
Diego Woitasen
0e76454a16
Add absent_groups pillar to remove groups.
2014-03-14 20:07:22 -03:00
Adam Wright
2c58a76ce6
Check for sudo_rules before text.append state.
...
Since ebe5198f
, if a user's pillar dict didn't contain sudo_rules, a broken
file.append state would be rendered (since some text is required). With
this patch, the file is still created/managed by the previous state, but
will be empty by default if created fresh. This seems a more sensible
default than assuming a default sudoer policy.
Further, since the first word on each rule line should be the user's
name, that is now assumed.
2014-02-22 08:43:52 +00:00
Greg Shikhman
097b814f67
Changed 'contents' to 'contents_pillar' to correctly parse newlines for private/public SSH keys.
2014-02-16 23:34:47 -05:00
Wolodja Wentland
9636530169
Change .ssh permissions to 700
2014-02-14 14:13:17 +01:00
Steffen Roegner
0f83ab7008
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
2014-01-31 14:44:41 -05:00
madflojo
7284ece745
change pub key to use user_group
...
if you set an alternate prime_group this would break, replaced {{ name
}} with {{ user_group }}
2014-01-29 21:00:03 -07:00
madflojo
ebe5198f9d
Modified Private Keys and Sudoers
...
Changed Private keys to have content within pillar rather than the salt
file repository.
Changes sudoers entry to get values from pillar rather than assuming
all sudo users want root.
2014-01-29 19:53:09 -07:00
Tomáš Fejfar
7d1793cf00
SLS no longer fails for multiple groups
2014-01-14 16:49:45 +01:00
tiger-seo
5ce8d7d2c5
possibility to define alternate user`s prime group
2014-01-13 18:20:15 +02:00
Ryan Billington
547db95d62
Fix Undefined jinja variable error with Salt 0.17.1
...
Ran into an error with Salt version 0.17.1:
Rendering SLS users failed, render error: Undefined jinja variable; line 32
After finding https://github.com/saltstack/salt/issues/8245 , and working on
line 32, I surmised that line 28 might be the actual cause of the issue.
I just added a quick check to see if uid exists in user, just as the user uid
line does.
2013-11-14 10:13:45 -06:00
Shawn Butts
f25cec613a
better sudoers support & default gid
...
add support for sudouser being False.
change to adding sudoers config to /etc/sudoers.d/<user>
adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
2013-10-28 16:39:55 -04:00
J. Random Hacker
b07d21f4c6
Fixed user default shell source
...
Pulling 'shell' from pillar globally makes no sense, probably a mistake; pulling it from user instead.
2013-09-04 21:30:32 +02:00
J. Random Hacker
7b7ee3f2f8
Fix requisites for user state
...
group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
2013-08-08 13:42:55 +02:00
Ari Lerner
e00fdb22fd
Initial commit
2013-06-19 12:53:46 -07:00