diff options
author | Olivier Blin <dev@blino.org> | 2015-12-01 02:34:26 +0100 |
---|---|---|
committer | Olivier Blin <dev@blino.org> | 2015-12-01 02:42:40 +0100 |
commit | d2b415f90acc123d3406d399c60c0a40c70ca861 (patch) | |
tree | 050b50de09d00b4efe7f206b826fc5e9d838975f /deployment/shadow/manifests/init.pp | |
parent | 149bbaeb718f6a3cf7e6a6c3158072fccf3925eb (diff) | |
download | puppet-d2b415f90acc123d3406d399c60c0a40c70ca861.tar puppet-d2b415f90acc123d3406d399c60c0a40c70ca861.tar.gz puppet-d2b415f90acc123d3406d399c60c0a40c70ca861.tar.bz2 puppet-d2b415f90acc123d3406d399c60c0a40c70ca861.tar.xz puppet-d2b415f90acc123d3406d399c60c0a40c70ca861.zip |
shadow: Specifically change uid/gid max instead of copying custom login.defs
Copying a custom login.defs file is not really a good option, since we
have to manage many distribution versions, which do not necessarily
have the same login.defs settings.
Instead, we now only change the UID_MAX and GID_MAX values to 2000
(from an initial value of 60000). This is done so that locally created
accounts do not overlap LDAP-managed accounts, which starts at 5000.
This uses the file_line helper from the puppetlabs-stdlib module.
It means the puppet-stdlib package now needs to be installed on the
puppet master node.
Diffstat (limited to 'deployment/shadow/manifests/init.pp')
-rw-r--r-- | deployment/shadow/manifests/init.pp | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/deployment/shadow/manifests/init.pp b/deployment/shadow/manifests/init.pp index 083f86ba..c24c36bf 100644 --- a/deployment/shadow/manifests/init.pp +++ b/deployment/shadow/manifests/init.pp @@ -1,8 +1,23 @@ class shadow { - file { '/etc/login.defs': + include stdlib + + $login_defs = '/etc/login.defs' + + file { $login_defs: owner => 'root', group => 'shadow', mode => '0640', - source => 'puppet:///modules/shadow/login.defs', + } + + file_line { 'uid_max': + path => $login_defs, + line => 'UID_MAX 2000', + match => '^UID_MAX\s+', + } + + file_line { 'gid_max': + path => $login_defs, + line => 'GID_MAX 2000', + match => '^GID_MAX\s+', } } |