Merged in oherrala/puppet/pam_mkhomedir-umask (pull request #42)

pam: Make mkhomedir umask configurable. Tested with CentOS 6.
2014-01-21 10:56:22 +02:00 · 2014-01-21 10:56:22 +02:00 · 3c7a5624f6
commit 3c7a5624f6
parent 2f7b76a47b 782bc36cf1
1 changed files with 34 additions and 20 deletions
--- a/pam/manifests/init.pp
+++ b/pam/manifests/init.pp
@ -26,29 +26,43 @@ class pam::common {
 # Enable pam_mkhomedir module
 #
-class pam::mkhomedir {
+#   $umask:
 #     The user file-creation mask is set to mask. The default value of
 #     mask is 0077.
 #
 class pam::mkhomedir ($umask=0077) {
-    include pam::common
+  include pam::common
-    case $::operatingsystem {
+  case $::operatingsystem {
-        "centos","redhat","fedora": {
+    "centos","redhat","fedora": {
-            exec { "authconfig --enablemkhomedir --update":
+      exec { "authconfig --enablemkhomedir --update":
-                path    => "/bin:/usr/bin:/sbin:/usr/sbin",
+        path    => "/bin:/usr/bin:/sbin:/usr/sbin",
-                unless  => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig",
+        unless  => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig",
-                require => Package["authconfig"],
+        require => Package["authconfig"],
-            }
+      }
-        }
+      augeas { "system-auth-pam_mkhomedir-umask":
-        "ubuntu": {
+        context => "/files/etc/pam.d/system-auth/",
-            file { "/usr/share/pam-configs/pam_mkhomedir":
+        changes => "set *[module='pam_mkhomedir.so']/argument umask=${umask}",
-                source  => "puppet:///modules/pam/pam_mkhomedir",
+        require => Exec["authconfig --enablemkhomedir --update"],
-                mode    => "0644",
+      }
-                owner   => "root",
+      augeas { "password-auth-pam_mkhomedir-umask":
-                group   => "root",
+        context => "/files/etc/pam.d/password-auth/",
-                require => Package["libpam-runtime"],
+        changes => "set *[module='pam_mkhomedir.so']/argument umask=${umask}",
-                notify  => Exec["pam-auth-update"],
+        require => Exec["authconfig --enablemkhomedir --update"],
-            }
+      }
        }
    }
    "ubuntu": {
      file { "/usr/share/pam-configs/pam_mkhomedir":
        source  => "puppet:///modules/pam/pam_mkhomedir",
        mode    => "0644",
        owner   => "root",
        group   => "root",
        require => Package["libpam-runtime"],
        notify  => Exec["pam-auth-update"],
      }
    }
  }
 }