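# Class which contains all system users that have fixed UID's
#
# Every account is declared as a virtual resource (@user / @group), so
# including this class only makes the definitions available. Nothing in
# this file realizes them.
#
# Service accounts default to a non-interactive shell (/sbin/nologin) and,
# where no data directory is needed, the shared home /var/empty.
#
class user::system {

    # Shared home directory for accounts that need no data directory.
    # Mode is quoted so the value also parses on Puppet versions that
    # reject bare numeric file modes.
    file { "/var/empty":
        ensure => directory,
        mode   => "0755",
        owner  => "root",
        group  => $operatingsystem ? {
            "openbsd" => "wheel",
            default   => "root",
        },
    }

    # On Ubuntu, make /sbin/nologin a link to /usr/sbin/nologin so the
    # shell path used below resolves. The stray ":" that followed the
    # condition was removed: it is not valid "if" syntax.
    if $operatingsystem == "ubuntu" {
        file { "/sbin/nologin":
            ensure => link,
            target => "/usr/sbin/nologin",
            owner  => "root",
            group  => "root",
        }
    }

    # NOTE(review): every user below sets its own "require", and an
    # explicit attribute replaces a resource default rather than merging
    # with it, so this dependency on /var/empty likely never applies to
    # them. Confirm whether that is intended.
    User {
        require => File["/var/empty"],
    }

    @group { "httpsd":
        ensure => present,
        gid    => 800,
    }
    @user { "httpsd":
        ensure  => present,
        uid     => 800,
        gid     => 800,
        comment => "Service HTTPS",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["httpsd"],
    }

    @group { "smbguest":
        ensure => present,
        gid    => 801,
    }
    @user { "smbguest":
        ensure  => present,
        uid     => 801,
        gid     => 801,
        comment => "Service AWIMS",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["smbguest"],
    }

    # ejabber server daemon
    # NOTE(review): on Ubuntu this service account gets /bin/sh instead of
    # nologin. Presumably the packaged control scripts need a working
    # shell; confirm it is still required.
    @group { "ejabberd":
        ensure => present,
        gid    => 802,
    }
    @user { "ejabberd":
        ensure  => present,
        uid     => 802,
        gid     => 802,
        comment => "Service Jabber",
        home    => "/var/lib/ejabberd",
        shell   => $operatingsystem ? {
            "ubuntu" => "/bin/sh",
            default  => "/sbin/nologin",
        },
        require => Group["ejabberd"],
    }

    # Locate database owner
    @group { "locate":
        ensure => present,
        gid    => 804,
    }
    @user { "locate":
        ensure  => present,
        uid     => 804,
        gid     => 804,
        comment => "Service Locate",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["locate"],
    }

    # License server daemon
    @group { "licensed":
        ensure => present,
        gid    => 805,
    }
    @user { "licensed":
        ensure  => present,
        uid     => 805,
        gid     => 805,
        comment => "Service Licensed",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["licensed"],
    }

    # VMware Server 1.x daemon
    @group { "vmwared":
        ensure => present,
        gid    => 806,
    }
    @user { "vmwared":
        ensure  => present,
        uid     => 806,
        gid     => 806,
        comment => "Service VMware",
        home    => "/home/vmwared",
        shell   => "/sbin/nologin",
        require => Group["vmwared"],
    }

    # Samba domain computer account
    @group { "smbhost":
        ensure => present,
        gid    => 807,
    }
    @user { "smbhost":
        ensure  => present,
        uid     => 807,
        gid     => 807,
        comment => "Samba Host",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["smbhost"],
    }

    # BackupPC server daemon
    @group { "backuppc":
        ensure => present,
        gid    => 808,
    }
    @user { "backuppc":
        ensure  => present,
        uid     => 808,
        gid     => 808,
        comment => "Service BackupPC",
        home    => "/var/lib/BackupPC",
        shell   => "/sbin/nologin",
        require => Group["backuppc"],
    }

    # SunRay Windows Connector (group only, no matching user)
    @group { "srwc":
        ensure => present,
        gid    => 809,
    }

    # Samba Domain Admins group (group only, no matching user)
    @group { "smbadmin":
        ensure => present,
        gid    => 810,
    }

    # MythTV server daemon
    @group { "mythtv":
        ensure => present,
        gid    => 811,
    }
    @user { "mythtv":
        ensure  => present,
        uid     => 811,
        gid     => 811,
        comment => "Service MythTV",
        home    => "/var/lib/mythtv",
        shell   => "/sbin/nologin",
        require => Group["mythtv"],
    }

    # Collab Helper Account & Group
    @group { "collab":
        ensure => present,
        gid    => 812,
    }
    @user { "collab":
        ensure  => present,
        uid     => 812,
        gid     => 812,
        comment => "Service Collab",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["collab"],
    }

    # AbuseHelper
    @group { "abusehel":
        ensure => present,
        gid    => 813,
    }
    @user { "abusehel":
        ensure  => present,
        uid     => 813,
        gid     => 813,
        comment => "Service AbuseHelper",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["abusehel"],
    }

    # VSRoom
    # NOTE(review): unlike the users above, this one has no
    # "ensure => present", so Puppet is not asked to create the account
    # when it is missing. Left as found; confirm whether it is deliberate.
    @group { "vsroom":
        ensure => present,
        gid    => 814,
    }
    @user { "vsroom":
        uid     => 814,
        gid     => 814,
        comment => "Service VSRoom",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["vsroom"],
    }

    # QEMU for KVM
    # NOTE(review): no "ensure => present" here either (same as vsroom).
    @group { "qemu":
        ensure => present,
        gid    => 815,
    }
    @user { "qemu":
        uid     => 815,
        gid     => 815,
        comment => "Service QEMU",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["qemu"],
    }

}


# Add local user account.
#
# Parameters:
#   $uid, $gid      - numeric ids for the account
#   $comment        - comment field for the account
#   $home           - home directory path
#   $shell          - login shell
#   $groups         - optional supplementary groups
#   $requiregroups  - optional resource reference(s) the user must wait for
#
# On OpenBSD the user resource notifies two refresh-only execs: one sets
# the login class to "ldap", the other populates the home directory from
# /etc/skel. On other systems nothing notifies them, so they do not run.
#
define user::newuser($uid, $gid, $comment, $home, $shell, $groups=undef, $requiregroups=undef) {

    user { $name:
        ensure  => present,
        uid     => $uid,
        gid     => $gid,
        comment => $comment,
        home    => $home,
        shell   => $shell,
        groups  => $groups,
        require => $requiregroups,
        notify  => $operatingsystem ? {
            OpenBSD => [ Exec["user-mod-${name}"],
                         Exec["user-home-${name}"], ],
            default => undef,
        }
    }

    # NOTE(review): File["/etc/login.conf"] is not declared in this file.
    # It is presumably managed elsewhere; confirm it exists on every
    # platform that uses this define, since the require is unconditional.
    # ${name} is still interpolated into the command line, so callers
    # should restrict it to plain account-name characters.
    exec { "user-mod-${name}":
        command     => "usermod -L ldap ${name}",
        path        => "/sbin:/usr/sbin:/bin:/usr/bin",
        refreshonly => true,
        require     => File["/etc/login.conf"],
    }

    # Copy /etc/skel into a new home directory with a restrictive umask,
    # then hand it to the new account. "creates" keeps the recursive chown
    # from touching a directory that already exists.
    #
    # The values reach the shell through environment variables and are
    # expanded inside double quotes. Interpolating ${home}, ${uid} and
    # ${gid} straight into the "sh -c" text let whitespace or shell
    # metacharacters in a parameter change the command that runs as root.
    exec { "user-home-${name}":
        command     => "/bin/sh -c 'umask 077; mkdir -p \"\$NEWUSER_HOME\" && tar cf - . | tar xf - -C \"\$NEWUSER_HOME\" && chown -R \"\$NEWUSER_UID:\$NEWUSER_GID\" \"\$NEWUSER_HOME\"'",
        environment => [ "NEWUSER_HOME=${home}",
                         "NEWUSER_UID=${uid}",
                         "NEWUSER_GID=${gid}", ],
        cwd         => "/etc/skel",
        path        => "/sbin:/usr/sbin:/bin:/usr/bin",
        creates     => $home,
        refreshonly => true,
    }

}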