Johan,
it seems like you should add policy => overridable to the relevant
variable in the append_user_field bundle.
On the other hand, it seems like it worth of trying a different approach:
vars:
"grp[unix]" string => "unix:!:1000:";
"grp[dba]" string => "dba:!:1001:";
"grp[support]" string => "support:!:1002:";
"lst[unix]" slist => { "a", "b", "c", "d" };
"lst[dba]" slist => { "e", "f", "g" };
"lst[support]" slist => { "h", "i", "j" };
"groups" slist => getindices("grp");
files:
aix::
"/etc/group"
perms => mog("644", "root", "security"),
create => "true",
edit_line => append_groups("$(grp[$(groups)])", "$(lst[$(groups)])");
with the relevant edit_line bundle like the following example:
bundle edit_line append_groups(grp, list)
{
vars:
"line" string => join(",", @(list));
classes:
"add_line" not => regline("$(grp).*", "$(edit.filename)");
insert_lines:
add_line::
"$(grp)$(line)";
}
Of course, this is subject to check since I'm writing strictly theoretically )
2010/5/27 Johan Marcusson <[email protected]>:
> Hello list,
>
> I'm new to CFengine, and I'm trying to set up synchronization of user
> accounts between some AIX-boxes.
> The user account part is working, but I'm having some issues with group
> memberships. I want to add some users to group "unix", some users to group
> "dba" and some users to group "support". However, it seems like the users for
> the unix group gets added to all the groups.
>
> Here is the configuration, this is CFengine 3 btw:
>
> vars:
>
> "grp[unix]" string => "unix:!:1000:";
> "grp[dba]" string => "dba:!:1001:";
> "grp[support]" string => "support:!:1002:";
>
> "grp_unix" slist => { "a", "b", "c", "d" };
> "grp_dba" slist => { "e", "f", "g" };
> "grp_support" slist => { "h", "i", "j" };
>
> files:
>
> aix::
>
> "/etc/group"
>
> perms => mog("644", "root", "security"),
> create => "true",
> edit_line => append_groups_starting("passwd.grp");
>
> "/etc/group"
>
> edit_line => append_user_field("unix", "4", "@(passwd.grp_unix)");
>
> "/etc/group"
>
> edit_line => append_user_field("dba", "4", "@(passwd.grp_dba)");
>
> "/etc/group"
>
> edit_line => append_user_field("support", "4", "@(passwd.grp_support)");
>
>
>
> Resulting group file:
>
> unix:!:1000:a,b,c,d
> support:!:1002:a,b,c,d
> dba:!:1001:a,b,c,d
>
> Same users in all groups!
>
> What am I doing wrong? Can't I have multiple edit_lines?
> I've read that you should use lists instead of doing like this, but I would
> need to make a list of lists for the users for each group and I'm not sure
> how to do that.
>
> I'm sure this is a very basic issue, but I'm having a hard time finding any
> answers with google. Maybe I misunderstood some fundamentals of CFengine :)
>
> Please advise
>
> Regards,
> Johan Marcusson
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
>
--
SY, Seva Gluschenko.
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
