# Class which contains all system users that have fixed UIDs
#
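class user::system {

    # Shared, empty home directory for service accounts that never log in.
    # Owned by root and not writable by group/other.
    file { "/var/empty":
        ensure => directory,
        # Quoted: Puppet 4 and later parse a bare 0755 as a number, while
        # the file type requires the mode to be given as a string.
        mode   => "0755",
        owner  => "root",
        group  => $operatingsystem ? {
            openbsd => "wheel",
            default => "root",
        },
    }

    # Default dependency for user resources declared in this scope.
    # NOTE(review): every @user below sets its own "require", and an
    # explicit attribute replaces a resource default instead of merging
    # with it, so this default does not reach any of them. If the ordering
    # against /var/empty matters, list File["/var/empty"] in each user's
    # require as well.
    User {
        require => File["/var/empty"],
    }

    # All groups and users below are virtual resources (@): declaring them
    # here pins the UID/GID, but nothing is created on a node until the
    # resource is realized elsewhere.
    #
    # Unless noted otherwise the accounts use /sbin/nologin as shell, and
    # most of them use /var/empty as home, i.e. they are not meant for
    # interactive logins.

    @group { "httpsd":
        ensure => present,
        gid    => 800,
    }
    @user { "httpsd":
        ensure  => present,
        uid     => 800,
        gid     => 800,
        comment => "Service HTTPS",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["httpsd"],
    }

    @group { "smbguest":
        ensure => present,
        gid    => 801,
    }
    @user { "smbguest":
        ensure  => present,
        uid     => 801,
        gid     => 801,
        comment => "Service AWIMS",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["smbguest"],
    }

    # ejabber server daemon
    @group { "ejabberd":
        ensure => present,
        gid    => 802,
    }
    @user { "ejabberd":
        ensure  => present,
        uid     => 802,
        gid     => 802,
        comment => "Service Jabber",
        home    => "/var/lib/ejabberd",
        # NOTE(review): on Ubuntu this service account gets a real shell
        # (/bin/sh) instead of /sbin/nologin. Presumably the packaged
        # ejabberd tooling needs it; confirm that it is still required.
        shell   => $operatingsystem ? {
            "ubuntu" => "/bin/sh",
            default  => "/sbin/nologin",
        },
        require => Group["ejabberd"],
    }

    # Locate database owner
    @group { "locate":
        ensure => present,
        gid    => 804,
    }
    @user { "locate":
        ensure  => present,
        uid     => 804,
        gid     => 804,
        comment => "Service Locate",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["locate"],
    }

    # License server daemon
    @group { "licensed":
        ensure => present,
        gid    => 805,
    }
    @user { "licensed":
        ensure  => present,
        uid     => 805,
        gid     => 805,
        comment => "Service Licensed",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["licensed"],
    }

    # VMware Server 1.x daemon
    @group { "vmwared":
        ensure => present,
        gid    => 806,
    }
    @user { "vmwared":
        ensure  => present,
        uid     => 806,
        gid     => 806,
        comment => "Service VMware",
        home    => "/home/vmwared",
        shell   => "/sbin/nologin",
        require => Group["vmwared"],
    }

    # Samba domain computer account
    @group { "smbhost":
        ensure => present,
        gid    => 807,
    }
    @user { "smbhost":
        ensure  => present,
        uid     => 807,
        gid     => 807,
        comment => "Samba Host",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["smbhost"],
    }

    # BackupPC server daemon
    @group { "backuppc":
        ensure => present,
        gid    => 808,
    }
    @user { "backuppc":
        ensure  => present,
        uid     => 808,
        gid     => 808,
        comment => "Service BackupPC",
        home    => "/var/lib/BackupPC",
        shell   => "/sbin/nologin",
        require => Group["backuppc"],
    }

    # SunRay Windows Connector (group only, no matching user)
    @group { "srwc":
        ensure => present,
        gid    => 809,
    }

    # Samba Domain Admins group (group only, no matching user)
    @group { "smbadmin":
        ensure => present,
        gid    => 810,
    }

    # MythTV server daemon
    @group { "mythtv":
        ensure => present,
        gid    => 811,
    }
    @user { "mythtv":
        ensure  => present,
        uid     => 811,
        gid     => 811,
        comment => "Service MythTV",
        home    => "/var/lib/mythtv",
        shell   => "/sbin/nologin",
        require => Group["mythtv"],
    }

    # Collab Helper Account & Group
    @group { "collab":
        ensure => present,
        gid    => 812,
    }
    @user { "collab":
        ensure  => present,
        uid     => 812,
        gid     => 812,
        comment => "Service Collab",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["collab"],
    }

    # AbuseHelper
    @group { "abusehel":
        ensure => present,
        gid    => 813,
    }
    @user { "abusehel":
        ensure  => present,
        uid     => 813,
        gid     => 813,
        comment => "Service AbuseHelper",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["abusehel"],
    }

    # VSRoom
    @group { "vsroom":
        ensure => present,
        gid    => 814,
    }
    @user { "vsroom":
        # "ensure" was missing on this account only; set it like every
        # other user in this class so the account is created when absent.
        ensure  => present,
        uid     => 814,
        gid     => 814,
        comment => "Service VSRoom",
        home    => "/var/empty",
        shell   => "/sbin/nologin",
        require => Group["vsroom"],
    }

}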
# Add local user account.
#
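# Parameters:
#   $uid, $gid      numeric ids of the account and its primary group
#   $comment        GECOS comment
#   $home           home directory path
#   $shell          login shell
#   $groups         optional supplementary groups
#   $requiregroups  optional resource reference(s) the user depends on
#
# On OpenBSD a change to the user resource also notifies two execs: one
# that runs usermod and one that populates the home directory from
# /etc/skel. On other systems the execs are declared but never notified,
# and because they are refreshonly they do not run.
define user::newuser($uid, $gid, $comment, $home, $shell, $groups=undef, $requiregroups=undef) {

    user { "${name}":
        ensure  => present,
        uid     => $uid,
        gid     => $gid,
        comment => $comment,
        home    => $home,
        shell   => $shell,
        groups  => $groups,
        require => $requiregroups,
        notify  => $operatingsystem ? {
            OpenBSD => [ Exec["user-mod-${name}"],
                         Exec["user-home-${name}"], ],
            default => undef,
        },
    }

    # OpenBSD usermod: -L takes a login class, so this puts the account in
    # the "ldap" login class. On Linux "usermod -L" locks the account
    # instead, so this exec must stay limited to the OpenBSD notify above.
    # NOTE(review): File["/etc/login.conf"] is required on every platform,
    # not only OpenBSD; confirm it is declared wherever this define is used.
    exec { "user-mod-${name}":
        command     => "usermod -L ldap ${name}",
        path        => "/sbin:/usr/sbin:/bin:/usr/bin",
        refreshonly => true,
        require     => File["/etc/login.conf"],
    }

    # Create the home directory with umask 077, copy the /etc/skel contents
    # into it and hand the tree to the new user.
    #
    # $home, $uid and $gid are interpolated into a shell command line, so
    # they are single-quoted here: a path containing whitespace or shell
    # metacharacters is then passed as one literal argument instead of
    # being split or interpreted. A value containing a single quote would
    # still break out of the quoting; such values must not be passed in.
    # NOTE(review): the command relies on shell syntax (";", "&&", "|" and
    # the umask builtin); on Puppet versions whose default exec provider
    # does not go through a shell this presumably needs provider => shell.
    exec { "user-home-${name}":
        command     => "umask 077; mkdir -p '${home}' && tar cf - . | tar xf - -C '${home}' && chown -R '${uid}:${gid}' '${home}'",
        cwd         => "/etc/skel",
        path        => "/sbin:/usr/sbin:/bin:/usr/bin",
        creates     => "${home}",
        refreshonly => true,
    }

}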