diff --git a/pam/manifests/init.pp b/pam/manifests/init.pp
index 72f5d92..9a7765f 100644
--- a/pam/manifests/init.pp
+++ b/pam/manifests/init.pp
@@ -26,29 +26,43 @@ class pam::common {
 # Enable pam_mkhomedir module
 #
-class pam::mkhomedir {
+# $umask:
+# The user file-creation mask is set to mask. The default value of
+# mask is 0077.
+#
+class pam::mkhomedir ($umask=0077) {
- include pam::common
+ include pam::common
- case $::operatingsystem {
- "centos","redhat","fedora": {
- exec { "authconfig --enablemkhomedir --update":
- path => "/bin:/usr/bin:/sbin:/usr/sbin",
- unless => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig",
- require => Package["authconfig"],
- }
- }
- "ubuntu": {
- file { "/usr/share/pam-configs/pam_mkhomedir":
- source => "puppet:///modules/pam/pam_mkhomedir",
- mode => "0644",
- owner => "root",
- group => "root",
- require => Package["libpam-runtime"],
- notify => Exec["pam-auth-update"],
- }
- }
+ case $::operatingsystem {
+ "centos","redhat","fedora": {
+ exec { "authconfig --enablemkhomedir --update":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ unless => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig",
+ require => Package["authconfig"],
+ }
+ augeas { "system-auth-pam_mkhomedir-umask":
+ context => "/files/etc/pam.d/system-auth/",
+ changes => "set *[module='pam_mkhomedir.so']/argument umask=${umask}",
+ require => Exec["authconfig --enablemkhomedir --update"],
+ }
+ augeas { "password-auth-pam_mkhomedir-umask":
+ context => "/files/etc/pam.d/password-auth/",
+ changes => "set *[module='pam_mkhomedir.so']/argument umask=${umask}",
+ require => Exec["authconfig --enablemkhomedir --update"],
+ }
 }
+ "ubuntu": {
+ file { "/usr/share/pam-configs/pam_mkhomedir":
+ source => "puppet:///modules/pam/pam_mkhomedir",
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ require => Package["libpam-runtime"],
+ notify => Exec["pam-auth-update"],
+ }
+ }
+ }
 }
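Review bot: The new default `$umask=0077` in the class header is an unquoted numeric literal. On Puppet versions that parse it as an octal integer, the `${umask}` interpolation in both augeas `changes` strings would render as decimal 63, which pam_mkhomedir would presumably read as octal 063, a looser mask than the intended 0077. Quoting the default avoids this: `class pam::mkhomedir ($umask='0077') {`. The value also goes into the augeas command unchecked, so a guard such as `validate_re($umask, '^[0-7]{3,4}$')` before the `case` (assuming puppetlabs-stdlib is available to this module) would keep a malformed value out of /etc/pam.d. The "ubuntu" branch still ships the static `pam_mkhomedir` file, so `$umask` appears to have no effect there, which the `# $umask:` comment should state.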