From 138d26e398ae333db032adad78ac608426c2d7e0 Mon Sep 17 00:00:00 2001 From: Daniel Heule Date: Tue, 17 Dec 2013 14:13:20 +0100 Subject: [PATCH 1/3] extended type __user: parameter state, system, remove-home new --- cdist/conf/type/__user/TODO | 2 - cdist/conf/type/__user/explorer/group | 0 cdist/conf/type/__user/explorer/passwd | 0 cdist/conf/type/__user/explorer/shadow | 0 cdist/conf/type/__user/gencode-remote | 153 ++++++++++-------- cdist/conf/type/__user/man.text | 28 +++- cdist/conf/type/__user/parameter/boolean | 2 + .../conf/type/__user/parameter/default/state | 1 + cdist/conf/type/__user/parameter/optional | 1 + 9 files changed, 113 insertions(+), 74 deletions(-) delete mode 100644 cdist/conf/type/__user/TODO mode change 100755 => 100644 cdist/conf/type/__user/explorer/group mode change 100755 => 100644 cdist/conf/type/__user/explorer/passwd mode change 100755 => 100644 cdist/conf/type/__user/explorer/shadow mode change 100755 => 100644 cdist/conf/type/__user/gencode-remote create mode 100644 cdist/conf/type/__user/parameter/default/state diff --git a/cdist/conf/type/__user/TODO b/cdist/conf/type/__user/TODO deleted file mode 100644 index fa6aeee7..00000000 --- a/cdist/conf/type/__user/TODO +++ /dev/null @@ -1,2 +0,0 @@ -- delete users - diff --git a/cdist/conf/type/__user/explorer/group b/cdist/conf/type/__user/explorer/group old mode 100755 new mode 100644 diff --git a/cdist/conf/type/__user/explorer/passwd b/cdist/conf/type/__user/explorer/passwd old mode 100755 new mode 100644 diff --git a/cdist/conf/type/__user/explorer/shadow b/cdist/conf/type/__user/explorer/shadow old mode 100755 new mode 100644 diff --git a/cdist/conf/type/__user/gencode-remote b/cdist/conf/type/__user/gencode-remote old mode 100755 new mode 100644 index a2cdfd22..de559435 --- a/cdist/conf/type/__user/gencode-remote +++ b/cdist/conf/type/__user/gencode-remote 
@@ -2,6 +2,7 @@ # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2011 Nico Schottelius (nico-cdist at schottelius.org) +# 2013 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # @@ -21,11 +22,14 @@ # # Manage users. # +#set -x name="$__object_id" os="$(cat "$__global/explorer/os")" +state=$(cat "$__object/parameter/state") + # We need to shorten options for both usermod and useradd since on some # systems (such as *BSD, Darwin) those commands do not handle GNU style long # options. 
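Review bot: The commented-out `#set -x` added above `name=` in gencode-remote is leftover debugging and should be dropped before merge. If it were ever enabled, the trace would write every parameter value the script reads to stderr, including the `password` value handled further down in this file. The new `state=$(cat "$__object/parameter/state")` would also read more consistently if quoted like the `os=` line beside it: `state="$(cat "$__object/parameter/state")"`.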
@@ -40,80 +44,97 @@ shorten_property() { shell) ret="-s";; uid) ret="-u";; create-home) ret="-m";; + system) ret="-r";; esac echo "$ret" } -cd "$__object/parameter" -if grep -q "^${name}:" "$__object/explorer/passwd"; then - for property in $(ls .); do - new_value="$(cat "$property")" - unset current_value +if [ "$state" = "present" ]; then + cd "$__object/parameter" + if grep -q "^${name}:" "$__object/explorer/passwd"; then + for property in $(ls .); do + new_value="$(cat "$property")" + unset current_value - file="$__object/explorer/passwd" + file="$__object/explorer/passwd" - case "$property" in - gid) - if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then - field=4 + case "$property" in + gid) + if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then + field=4 + else + # We were passed a group name. Compare the gid in + # the user's /etc/passwd entry with the gid of the + # group returned by the group explorer. + gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group") + gid_from_passwd=$(awk -F: '{ print $4 }' "$file") + if [ "$gid_from_group" != "$gid_from_passwd" ]; then + current_value="$gid_from_passwd" + else + current_value="$new_value" + fi + fi + ;; + password) + field=2 + file="$__object/explorer/shadow" + ;; + comment) field=5 ;; + home) field=6 ;; + shell) field=7 ;; + uid) field=3 ;; + create-home) continue;; # Does not apply to user modification + system) continue;; # Does not apply to user modification + state) continue;; # Does not apply to user modification + remove-home) continue;; # Does not apply to user modification + esac + + # If we haven't already set $current_value above, pull it from the + # appropriate file/field. 
+ if [ -z "$current_value" ]; then + export field + current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")" + fi + + if [ "$new_value" != "$current_value" ]; then + set -- "$@" "$(shorten_property $property)" \'$new_value\' + fi + done + + if [ $# -gt 0 ]; then + if [ "$os" = "freebsd" ]; then + echo pw usermod "$@" "$name" + else + echo usermod "$@" "$name" + fi + else + true + fi + else + for property in $(ls .); do + [ "$property" = "state" ] && continue + [ "$property" = "remove-home" ] && continue + new_value="$(cat "$property")" + if [ -z "$new_value" ];then # Boolean values have no value + set -- "$@" "$(shorten_property $property)" else - # We were passed a group name. Compare the gid in - # the user's /etc/passwd entry with the gid of the - # group returned by the group explorer. - gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group") - gid_from_passwd=$(awk -F: '{ print $4 }' "$file") - if [ "$gid_from_group" != "$gid_from_passwd" ]; then - current_value="$gid_from_passwd" - else - current_value="$new_value" - fi + set -- "$@" "$(shorten_property $property)" \'$new_value\' fi - ;; - password) - field=2 - file="$__object/explorer/shadow" - ;; - comment) field=5 ;; - home) field=6 ;; - shell) field=7 ;; - uid) field=3 ;; - create-home) continue;; # Does not apply to user modification - esac + done - # If we haven't already set $current_value above, pull it from the - # appropriate file/field. 
- if [ -z "$current_value" ]; then - export field - current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")" - fi - - if [ "$new_value" != "$current_value" ]; then - set -- "$@" "$(shorten_property $property)" \'$new_value\' - fi - done - - if [ $# -gt 0 ]; then - if [ "$os" = "freebsd" ]; then - echo pw usermod "$@" "$name" - else - echo usermod "$@" "$name" - fi - else - true - fi + if [ "$os" = "freebsd" ]; then + echo pw useradd "$@" "$name" + else + echo useradd "$@" "$name" + fi + fi else - for property in $(ls .); do - new_value="$(cat "$property")" - if [ -z "$new_value" ];then # Boolean values have no value - set -- "$@" "$(shorten_property $property)" - else - set -- "$@" "$(shorten_property $property)" \'$new_value\' - fi - done - - if [ "$os" = "freebsd" ]; then - echo pw useradd "$@" "$name" - else - echo useradd "$@" "$name" - fi + if grep -q "^${name}:" "$__object/explorer/passwd"; then + #user exists, but state != present, so delete it + if [ -f "$__object/parameter/remove-home" ]; then + echo userdel -r "${name}" + else + echo userdel "${name}" + fi + fi fi diff --git a/cdist/conf/type/__user/man.text b/cdist/conf/type/__user/man.text index 9db4a9f0..2536c1bc 100644 --- a/cdist/conf/type/__user/man.text +++ b/cdist/conf/type/__user/man.text @@ -20,19 +20,29 @@ None. OPTIONAL PARAMETERS ------------------- +state:: + absent or present, defaults to present comment:: - see usermod(8) + see usermod(8) home:: - see above + see above gid:: - see above + see above password:: - see above + see above shell:: - see above + see above uid:: - see above + see above +system:: + see above +BOOLEAN PARAMETERS +------------------ +create-home:: + see useradd(8), apply only on user create +remove-home:: + see userdel(8), apply only on user delete EXAMPLES -------- 
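Review bot: In gencode-remote, the outer `else` of the new `if [ "$state" = "present" ]` block treats every other `state` value as a request to delete the account. A misspelled `--state` in a manifest therefore emits `userdel` (with `-r` when `remove-home` is set) instead of failing. Make the delete branch explicit with `elif [ "$state" = "absent" ]; then` and add a final `else` arm such as `echo "Unknown state: $state" >&2; exit 1`. The delete branch also emits a bare `userdel`, while the add and modify branches emit `pw useradd` / `pw usermod` when `$os` is `freebsd`, so it probably needs the same `$os` switch. Separately, `\'$new_value\'` wraps values in literal single quotes without escaping, so a value containing `'` (for example a comment such as O'Brien) ends the quoting early in the emitted command line; this predates the commit but is carried over on the added lines.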
@@ -44,8 +54,14 @@ __user foobar # Same but with a different shell __user foobar --shell /bin/zsh +# Same but for a system account +__user foobar --system + # Set explicit uid and home __user foobar --uid 1001 --shell /bin/zsh --home /home/foobar + +# Drop user if exists +__user foobar --state absent -------------------------------------------------------------------------------- diff --git a/cdist/conf/type/__user/parameter/boolean b/cdist/conf/type/__user/parameter/boolean index e0517c6a..83afdebe 100644 --- a/cdist/conf/type/__user/parameter/boolean +++ b/cdist/conf/type/__user/parameter/boolean @@ -1 +1,3 @@ create-home +remove-home +system diff --git a/cdist/conf/type/__user/parameter/default/state b/cdist/conf/type/__user/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__user/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__user/parameter/optional b/cdist/conf/type/__user/parameter/optional index e3cf52d5..de6c3838 100644 --- a/cdist/conf/type/__user/parameter/optional +++ b/cdist/conf/type/__user/parameter/optional @@ -1,3 +1,4 @@ +state comment home gid From 7d4c11a1860ffc6ef63c897264a19d9fc70507d7 Mon Sep 17 00:00:00 2001 From: Daniel Heule Date: Tue, 17 Dec 2013 14:15:41 +0100 Subject: [PATCH 2/3] reset false mode changes --- cdist/conf/type/__user/explorer/group | 0 cdist/conf/type/__user/explorer/passwd | 0 cdist/conf/type/__user/explorer/shadow | 0 cdist/conf/type/__user/gencode-remote | 0 4 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 cdist/conf/type/__user/explorer/group mode change 100644 => 100755 cdist/conf/type/__user/explorer/passwd mode change 100644 => 100755 cdist/conf/type/__user/explorer/shadow mode change 100644 => 100755 cdist/conf/type/__user/gencode-remote diff --git a/cdist/conf/type/__user/explorer/group b/cdist/conf/type/__user/explorer/group old mode 100644 new mode 100755 
diff --git a/cdist/conf/type/__user/explorer/passwd b/cdist/conf/type/__user/explorer/passwd old mode 100644 new mode 100755 diff --git a/cdist/conf/type/__user/explorer/shadow b/cdist/conf/type/__user/explorer/shadow old mode 100644 new mode 100755 diff --git a/cdist/conf/type/__user/gencode-remote b/cdist/conf/type/__user/gencode-remote old mode 100644 new mode 100755 From e5253e0330c2e5ad15dd3e38e4f7cfde6af3228f Mon Sep 17 00:00:00 2001 From: Daniel Heule Date: Thu, 19 Dec 2013 08:14:29 +0100 Subject: [PATCH 3/3] correct man page text of system parameter --- cdist/conf/type/__user/man.text | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cdist/conf/type/__user/man.text b/cdist/conf/type/__user/man.text index 2536c1bc..47e63d3d 100644 --- a/cdist/conf/type/__user/man.text +++ b/cdist/conf/type/__user/man.text @@ -34,11 +34,11 @@ shell:: see above uid:: see above -system:: - see above BOOLEAN PARAMETERS ------------------ +system:: + see useradd(8), apply only on user create create-home:: see useradd(8), apply only on user create remove-home::