author | Michael Scherer <misc@mageia.org> | 2010-11-23 01:11:10 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2010-11-23 01:11:10 +0000 |
commit | 01cae5b08f26d3ca9034bd02b13b21e762e81149 (patch) | |
tree | 6ad9e3d5cca42b564f0a8eb91fd138a378e6e561 /modules/restrictshell/manifests/init.pp | |
parent | 7c1cb4b1fa96fede6e6912d9698107cd5d4efb06 (diff) | |
- split the module in 2 parts, and add classes to make it easier to
combine the authorized shells
Diffstat (limited to 'modules/restrictshell/manifests/init.pp')
-rw-r--r-- | modules/restrictshell/manifests/init.pp | 51 |
1 files changed, 38 insertions, 13 deletions
diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp
index 9d65f183..3ce1e0d0 100644
--- a/modules/restrictshell/manifests/init.pp
+++ b/modules/restrictshell/manifests/init.pp
@@ -1,5 +1,12 @@
 class restrictshell {
 class shell {
+ file {"/etc/membersh-conf.d":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+
 file { '/usr/local/bin/sv_membersh.pl':
 ensure => present,
 owner => root,
@@ -7,16 +14,7 @@ class restrictshell {
 mode => 755,
 content => template("restrictshell/sv_membersh.pl"),
 }
- }
- class base {
- include shell
- $allow_svn = "0"
- $allow_git = "0"
- $allow_rsync = "0"
- $allow_pkgsubmit = "0"
-
- $ldap_pwfile = "/etc/ldap.secret"
 file { '/etc/membersh-conf.pl':
 ensure => present,
 owner => root,
@@ -24,6 +22,9 @@ class restrictshell {
 mode => 755,
 content => template("restrictshell/membersh-conf.pl"),
 }
+ }
+
+ class ssh_keys_from_ldap {
 package { 'python-ldap':
 ensure => installed,
@@ -37,6 +38,7 @@ class restrictshell {
 mode => 755,
 }
+ $ldap_pwfile = "/etc/ldap.secret"
 file { '/usr/local/bin/ldap-sshkey2file.py':
 ensure => present,
 owner => root,
@@ -47,9 +49,32 @@ class restrictshell {
 }
 }
- class allow_svn_git_pkgsubmit inherits base {
- $allow_svn = "1"
- $allow_git = "1"
- $allow_pkgsubmit = "1"
+ define allow {
+ include shell
+ file { "/etc/membersh-conf.d/allow_$name.pl":
+ ensure => "present",
+ owner => root,
+ group => root,
+ mode => 755,
+ content => "\$use_$name = 1;\n",
+ }
+ }
+
+ # yes, we could directly use the allow, but this is
+ # a nicer syntax
+ class allow_git {
+ allow{ "git": }
+ }
+
+ class allow_rsync {
+ allow{ "rsync": }
+ }
+
+ class allow_pkgsubmit {
+ allow{ "pkgsubmit": }
+ }
+
+ class allow_svn {
+ allow{ "svn": }
 }
 }
|
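Review bot: The new `/etc/membersh-conf.d` directory resource in the first hunk is not purged, so a snippet written by the `allow` define added in the last hunk stays on disk after the corresponding `allow_*` class is dropped from a node. If sv_membersh.pl loads every file in that directory (the template is not shown here, so this is an assumption), a permission withdrawn in the manifests would remain granted on the host. Adding `recurse => true,` and `purge => true,` to this resource would make Puppet remove snippets it no longer manages. Class `shell` continues beyond this hunk.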
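Review bot: In `define allow` (last hunk), `$name` goes unchecked into both the path `/etc/membersh-conf.d/allow_$name.pl` and the Perl statement written as the file's content, so a title containing `/` or Perl syntax would place the file elsewhere or emit unintended Perl into what appears to be the restricted shell's configuration. Titles come only from manifests, but a guard at the top of the define makes that an enforced property: `if $name !~ /\A[a-z]+\z/ { fail("invalid restrictshell::allow title: $name") }`. The snippet holds only an assignment, so `mode => 644,` is sufficient and the execute bit in `mode => 755,` serves no purpose. Writing `${name}` instead of `$name` inside the two strings would also make the interpolation boundaries explicit.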