1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
class restrictshell {
class shell {
file {"/etc/membersh-conf.d":
ensure => directory,
owner => root,
group => root,
mode => 755,
}
file { '/usr/local/bin/sv_membersh.pl':
ensure => present,
owner => root,
group => root,
mode => 755,
content => template("restrictshell/sv_membersh.pl"),
}
file { '/etc/membersh-conf.pl':
ensure => present,
owner => root,
group => root,
mode => 755,
content => template("restrictshell/membersh-conf.pl"),
}
}
define allow {
include shell
file { "/etc/membersh-conf.d/allow_$name.pl":
ensure => "present",
owner => root,
group => root,
mode => 755,
content => "\$use_$name = 1;\n",
}
}
# yes, we could directly use the allow, but this is
# a nicer syntax
class allow_git {
allow{ "git": }
}
class allow_rsync {
allow{ "rsync": }
}
class allow_pkgsubmit {
allow{ "pkgsubmit": }
}
class allow_svn {
allow{ "svn": }
}
class allow_scp {
allow{ "scp": }
}
class allow_sftp {
allow{ "sftp": }
}
# technically, we could add cvs too
# but I doubt we will use it one day
}
|
