diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/restrictshell/manifests/allow.pp | 7 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/allow_git.pp | 3 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/allow_maintdb.pp | 3 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/allow_pkgsubmit.pp | 3 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/allow_rsync.pp | 3 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/allow_scp.pp | 3 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/allow_sftp.pp | 3 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/allow_svn.pp | 3 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/allow_upload_bin.pp | 3 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/init.pp | 77 | ||||
| -rw-r--r-- | modules/restrictshell/manifests/shell.pp | 14 |
11 files changed, 46 insertions, 76 deletions
diff --git a/modules/restrictshell/manifests/allow.pp b/modules/restrictshell/manifests/allow.pp new file mode 100644 index 00000000..361ee4a7 --- /dev/null +++ b/modules/restrictshell/manifests/allow.pp @@ -0,0 +1,7 @@ +define restrictshell::allow { + include shell + file { "/etc/membersh-conf.d/allow_$name.pl": + mode => '0755', + content => "\$use_$name = 1;\n", + } +} diff --git a/modules/restrictshell/manifests/allow_git.pp b/modules/restrictshell/manifests/allow_git.pp new file mode 100644 index 00000000..ed12a577 --- /dev/null +++ b/modules/restrictshell/manifests/allow_git.pp @@ -0,0 +1,3 @@ +class restrictshell::allow_git { + restrictshell::allow { 'git': } +} diff --git a/modules/restrictshell/manifests/allow_maintdb.pp b/modules/restrictshell/manifests/allow_maintdb.pp new file mode 100644 index 00000000..e5123cf1 --- /dev/null +++ b/modules/restrictshell/manifests/allow_maintdb.pp @@ -0,0 +1,3 @@ +class restrictshell::allow_maintdb { + restrictshell::allow{ 'maintdb': } +} diff --git a/modules/restrictshell/manifests/allow_pkgsubmit.pp b/modules/restrictshell/manifests/allow_pkgsubmit.pp new file mode 100644 index 00000000..14c6357b --- /dev/null +++ b/modules/restrictshell/manifests/allow_pkgsubmit.pp @@ -0,0 +1,3 @@ +class restrictshell::allow_pkgsubmit { + restrictshell::allow { 'pkgsubmit': } +} diff --git a/modules/restrictshell/manifests/allow_rsync.pp b/modules/restrictshell/manifests/allow_rsync.pp new file mode 100644 index 00000000..6049122a --- /dev/null +++ b/modules/restrictshell/manifests/allow_rsync.pp @@ -0,0 +1,3 @@ +class restrictshell::allow_rsync { + restrictshell::allow { 'rsync': } +} diff --git a/modules/restrictshell/manifests/allow_scp.pp b/modules/restrictshell/manifests/allow_scp.pp new file mode 100644 index 00000000..3e6cb1fb --- /dev/null +++ b/modules/restrictshell/manifests/allow_scp.pp @@ -0,0 +1,3 @@ +class restrictshell::allow_scp { + restrictshell::allow{ 'scp': } +} diff --git a/modules/restrictshell/manifests/allow_sftp.pp b/modules/restrictshell/manifests/allow_sftp.pp new file mode 100644 index 00000000..55c1f396 --- /dev/null +++ b/modules/restrictshell/manifests/allow_sftp.pp @@ -0,0 +1,3 @@ +class restrictshell::allow_sftp { + restrictshell::allow { 'sftp': } +} diff --git a/modules/restrictshell/manifests/allow_svn.pp b/modules/restrictshell/manifests/allow_svn.pp new file mode 100644 index 00000000..99b2c9fa --- /dev/null +++ b/modules/restrictshell/manifests/allow_svn.pp @@ -0,0 +1,3 @@ +class restrictshell::allow_svn { + restrictshell::allow{ 'svn': } +} diff --git a/modules/restrictshell/manifests/allow_upload_bin.pp b/modules/restrictshell/manifests/allow_upload_bin.pp new file mode 100644 index 00000000..b55c41b3 --- /dev/null +++ b/modules/restrictshell/manifests/allow_upload_bin.pp @@ -0,0 +1,3 @@ +class restrictshell::allow_upload_bin { + allow{ 'upload_bin': } +} diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp index bf1dfd04..c27f26dc 100644 --- a/modules/restrictshell/manifests/init.pp +++ b/modules/restrictshell/manifests/init.pp @@ -1,76 +1 @@ -class restrictshell { - class shell { - file {"/etc/membersh-conf.d": - ensure => directory, - owner => root, - group => root, - mode => 755, - } - - file { '/usr/local/bin/sv_membersh.pl': - ensure => present, - owner => root, - group => root, - mode => 755, - content => template("restrictshell/sv_membersh.pl"), - } - - file { '/etc/membersh-conf.pl': - ensure => present, - owner => root, - group => root, - mode => 755, - content => template("restrictshell/membersh-conf.pl"), - } - } - - define allow { - include shell - file { "/etc/membersh-conf.d/allow_$name.pl": - ensure => "present", - owner => root, - group => root, - mode => 755, - content => "\$use_$name = 1;\n", - } - } - - # yes, we could directly use the allow, but this is - # a nicer syntax - class allow_git { - allow{ "git": } - } - - class allow_rsync { - allow{ "rsync": } - } - - class allow_pkgsubmit { - allow{ "pkgsubmit": } - } - - class allow_svn { - allow{ "svn": } - } - - class allow_scp { - allow{ "scp": } - } - - class allow_sftp { - allow{ "sftp": } - } - - class allow_maintdb { - allow{ "maintdb": } - } - - class allow_upload_bin { - allow{ "upload_bin": } - } - - # technically, we could add cvs too - # but I doubt we will use it one day - - -} +class restrictshell { } diff --git a/modules/restrictshell/manifests/shell.pp b/modules/restrictshell/manifests/shell.pp new file mode 100644 index 00000000..c209f352 --- /dev/null +++ b/modules/restrictshell/manifests/shell.pp @@ -0,0 +1,14 @@ +class restrictshell::shell { + file { '/etc/membersh-conf.d': + ensure => directory, + } + + local_script { 'sv_membersh.pl': + content => template('restrictshell/sv_membersh.pl'), + } + + file { '/etc/membersh-conf.pl': + mode => '0755', + content => template('restrictshell/membersh-conf.pl'), + } +} |