make AdminIdentity configureable per user

This commit is contained in:
Maximilian Zettler 2017-02-02 23:12:15 +01:00
parent 8c6bbafd9b
commit e1d0de230d
4 changed files with 39 additions and 0 deletions


@ -38,6 +38,8 @@ users:
- ALL=(otheruser) /usr/bin/script.sh - ALL=(otheruser) /usr/bin/script.sh
sudo_defaults: sudo_defaults:
- '!requiretty' - '!requiretty'
# enable polkitadmin to make user an AdminIdentity for polkit
polkitadmin: True
shell: /bin/bash shell: /bin/bash
remove_groups: False remove_groups: False
prime_group: prime_group:
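Review bot: The comment above `polkitadmin: True` says what the key does but not what it grants: a polkit AdminIdentity can authenticate as administrator for any polkit action on the host, which through `pkexec` is in practice root-equivalent, so an example that sets it on a demo user should carry that warning, e.g. `# polkitadmin: make this user a polkit AdminIdentity (admin auth for ANY polkit action, root-equivalent via pkexec) - grant sparingly`. It is also worth saying in the example that the grant is only written where `/etc/polkit-1/localauthority.conf.d` exists (users/polkit.sls in this commit guards the file with `onlyif: 'test -d ...'`), so on polkit builds without that backend the flag silently does nothing. The user entry these lines belong to starts above the hunk.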


@ -32,6 +32,7 @@ include:
- users.user_files - users.user_files
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
- users.polkit
{% for name, user in pillar.get('users', {}).items() {% for name, user in pillar.get('users', {}).items()
if user.absent is not defined or not user.absent %} if user.absent is not defined or not user.absent %}
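Review bot: `- users.polkit` is added to this include list (which opens above the hunk) without a condition, while at least some of its neighbours are wrapped in pillar-driven `{%- if %}` blocks judging by the two `{%- endif %}` lines just above it, and nothing says why it must differ. The reason is that users/polkit.sls has to render even when no user has `polkitadmin`, because its `file.absent` branch is what revokes a previously granted AdminIdentity; a one-line comment such as `{# always included: users.polkit also removes the AdminIdentities file once no user has polkitadmin #}` would keep the next person from "tidying" it into a conditional and silently leaving stale admin grants behind.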


@ -10,6 +10,8 @@
'bash_package': 'bash', 'bash_package': 'bash',
'sudo_package': 'sudo', 'sudo_package': 'sudo',
'googleauth_package': 'libpam-google-authenticator', 'googleauth_package': 'libpam-google-authenticator',
'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
'polkit_defaults': 'unix-group:sudo;'
}, },
'Gentoo': { 'Gentoo': {
'sudoers_dir': '/etc/sudoers.d', 'sudoers_dir': '/etc/sudoers.d',
@ -43,5 +45,7 @@
'bash_package': 'bash', 'bash_package': 'bash',
'sudo_package': 'sudo', 'sudo_package': 'sudo',
'googleauth_package': 'libpam-google-authenticator', 'googleauth_package': 'libpam-google-authenticator',
'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
'polkit_defaults': 'unix-group:sudo;'
}, },
}, merge=salt['pillar.get']('users:lookup')) %} }, merge=salt['pillar.get']('users:lookup')) %}
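Review bot: `polkit_defaults: 'unix-group:sudo;'` is hard-wired into both platform blocks (the first looks Debian-family from its package names; the block after `Gentoo` is presumably the default), but the file it feeds, `99salt-users-formula.conf`, sorts after every distro-shipped file in `localauthority.conf.d`, and as I read pklocalauthority(8) the `AdminIdentities` value from the last file in lexical order replaces the earlier ones rather than appending to them — so on Ubuntu, whose `51-ubuntu-admin.conf` lists `unix-group:sudo;unix-group:admin` if I remember right, the `admin` group silently loses polkit admin, and on a family whose privileged group is `wheel` rather than `sudo` the grant moves to a group that may not even exist. I would document that semantics next to the key, `# replaces (does not extend) the distro AdminIdentities - keep the distro's own admin groups in this list`, and give each family a value that mirrors its own distro default instead of one string for all. `polkit_dir` also deserves `# legacy localauthority backend only; polkit >= 0.106 (rules.d) ignores this directory` (version from memory), because on those hosts the `onlyif` in users/polkit.sls turns the grant into a silent no-op. The `grains.filter_by` dict these lines sit in starts and ends outside the hunk.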

users/polkit.sls Normal file

@ -0,0 +1,32 @@
{% from "users/map.jinja" import users with context %}
{% set polkitusers = {} %}
{% set polkitusers = {'value': ''} %}
{% for name, user in pillar.get('users', {}).items() %}
{% if user.absent is not defined or not user.absent %}
{% if 'polkitadmin' in user and user['polkitadmin'] %}
{% if polkitusers.update({'value': polkitusers.value + 'unix-user:' + name + ';'}) %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% if polkitusers.value != '' %}
users_{{ users.polkit_dir }}/99salt-users-formula.conf:
file.managed:
- replace: True
- onlyif: 'test -d {{ users.polkit_dir }}'
- name: {{ users.polkit_dir }}/99salt-users-formula.conf
- contents: |
########################################################################
# File managed by Salt (users-formula).
# Your changes will be overwritten.
########################################################################
#
[Configuration]
AdminIdentities={{ users.polkit_defaults }}{{ polkitusers.value }}
{% else %}
users_{{ users.polkit_dir }}/99salt-users-formula.conf_delete:
file.absent:
- name: {{ users.polkit_dir }}/99salt-users-formula.conf
{% endif %}
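Review bot: The `for` loop at the top iterates `pillar.get('users', {}).items()` in plain dict order and concatenates one `unix-user:NAME;` per admin, so the `AdminIdentities=` line can come out in a different order from one run to the next wherever dict order is not stable (Python 3 before 3.6 with hash randomisation, for instance), which makes the state report a change on every highstate; `{% for name, user in pillar.get('users', {}) | dictsort %}` makes the file deterministic. Each `name` is also spliced unvalidated into a file that grants full polkit admin; the pillar is master-controlled, but a key containing `;` would inject extra identities, so a guard such as `{% if name is string and ';' not in name %}` around the `update` line is cheap defence in depth. The `onlyif: 'test -d ...'` on the `file.managed` means that on hosts without `localauthority.conf.d` (polkit >= 0.106 uses `rules.d` JavaScript rules instead, if I recall the version right) a requested `polkitadmin: True` is silently not granted — it fails closed, but deserves a comment like `# no-op where the localauthority backend is absent; those hosts need a rules.d admin rule`. Minor: `{% set polkitusers = {} %}` on the second line is dead (overwritten on the next line), and since Salt enables Jinja's `do` extension the `{% if polkitusers.update(...) %}{% endif %}` trick can read `{% do polkitusers.update({'value': polkitusers.value + 'unix-user:' + name + ';'}) %}`. Consider adding `- user: root`, `- group: root` and `- mode: 644` to the `file.managed` so ownership and mode of the grant file are explicit rather than inherited from the minion's umask.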