From b905c8c5ef00cc05740f5e3e8fc13dfa3be0c9e3 Mon Sep 17 00:00:00 2001 From: Maximilian Zettler Date: Fri, 13 Jan 2017 21:50:36 +0100 Subject: [PATCH] add policy kit admin identity configuration for non root users under Debian and Ubuntu --- users/init.sls | 27 +++++++++++++++++++++++++++ users/map.jinja | 2 ++ 2 files changed, 29 insertions(+) diff --git a/users/init.sls b/users/init.sls index a4f6cba..30ed5fc 100644 --- a/users/init.sls +++ b/users/init.sls @@ -417,6 +417,27 @@ users_{{ users.sudoers_dir }}/{{ name }}: - name: {{ users.sudoers_dir }}/{{ name }} {% endif %} +# Policykit AdminIdentities Logik +{%- if 'polkitadmin' in user and user['polkitadmin'] %} +users_{{ users.polkit_dir }}/{{ name }}: + file.managed: + - replace: True + - onlyif: 'test -d {{ users.polkit_dir }}' + - name: {{ users.polkit_dir }}/{{ name }}.conf + - contents: | + ######################################################################## + # File managed by Salt (users-formula). + # Your changes will be overwritten. + ######################################################################## + # + [Configuration] + AdminIdentities=unix-user:{{ name }} +{%- else %} +users_{{ users.polkit_dir }}/{{ name }}: + file.absent: + - name: {{ users.polkit_dir }}/{{ name }}.conf +{%- endif %} + {%- if 'google_auth' in user %} {%- for svc in user['google_auth'] %} users_googleauth-{{ svc }}-{{ name }}: @@ -486,6 +507,9 @@ users_absent_user_{{ name }}: users_{{ users.sudoers_dir }}/{{ name }}: file.absent: - name: {{ users.sudoers_dir }}/{{ name }} +users_{{ users.polkit_dir }}/{{ name }}: + file.absent: + - name: {{ users.polkit_dir }}/{{ name }}.conf {% endfor %} {% for user in pillar.get('absent_users', []) %} 
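Review bot: In the `@@ -417,6 +417,27 @@` hunk each managed file sets `AdminIdentities=unix-user:{{ name }}` to a single identity, but polkit's local authority reads `localauthority.conf.d` in lexical order and later files override earlier ones, so with several `polkitadmin` users only the last file by name takes effect. A file named `<name>.conf` also normally sorts after the distribution's numbered defaults, so it would replace the stock admin group rather than add to it; please confirm that is intended. Consider rendering one numbered file (for example `60-salt-users.conf`, a name constructed for this note) whose value is the semicolon-separated list of all `polkitadmin` users. The enclosing user loop starts outside this hunk, so the collection step would have to live there.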
@@ -495,6 +519,9 @@ users_absent_user_2_{{ user }}: users_2_{{ users.sudoers_dir }}/{{ user }}: file.absent: - name: {{ users.sudoers_dir }}/{{ user }} +users_2_{{ users.polkit_dir }}/{{ name }}: + file.absent: + - name: {{ users.polkit_dir }}/{{ name }}.conf {% endfor %} {% for group in pillar.get('absent_groups', []) %} diff --git a/users/map.jinja b/users/map.jinja index f81acc4..acadf33 100644 --- a/users/map.jinja +++ b/users/map.jinja @@ -10,6 +10,7 @@ 'bash_package': 'bash', 'sudo_package': 'sudo', 'googleauth_package': 'libpam-google-authenticator', + 'polkit_dir': '/etc/polkit-1/localauthority.conf.d', }, 'Gentoo': { 'sudoers_dir': '/etc/sudoers.d', @@ -43,5 +44,6 @@ 'bash_package': 'bash', 'sudo_package': 'sudo', 'googleauth_package': 'libpam-google-authenticator', + 'polkit_dir': '/etc/polkit-1/localauthority.conf.d', }, }, merge=salt['pillar.get']('users:lookup')) %}
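Review bot: The lines added to the `absent_users` loop in the `@@ -495,6 +519,9 @@` hunk interpolate `{{ name }}`, but this loop's variable is `user` (compare the sibling `users_2_{{ users.sudoers_dir }}/{{ user }}` state), so the polkit file of the user being removed is never targeted. Depending on Jinja scoping, `name` is either undefined or left over from the earlier loop, and every iteration renders the same state ID, which Salt would likely reject as a conflicting ID once `absent_users` has more than one entry. Use `users_2_{{ users.polkit_dir }}/{{ user }}:` and `- name: {{ users.polkit_dir }}/{{ user }}.conf`. As written, a stale `AdminIdentities=unix-user:<name>` file can outlive the account and would apply again to any later account that reuses the name.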
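Review bot: `polkit_dir` is added only to the two OS entries touched in `users/map.jinja` (`@@ -10,6 +10,7 @@` and `@@ -43,5 +44,6 @@`), while `users/init.sls` in this same commit uses `{{ users.polkit_dir }}` unconditionally, including in its `file.absent` states. For any other entry, such as the `Gentoo` block directly below as far as the hunk shows, the key is missing and Jinja would normally render it as an empty string, making the target `/{{ name }}.conf` at the filesystem root. Either define `polkit_dir` for every OS family or guard the polkit states in `init.sls` with `{%- if users.polkit_dir is defined %}` … `{%- endif %}`. A value supplied through the `users:lookup` pillar merge would mask this, so it is worth testing on a minion without that override.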