This one time, at band camp, Matthew Palmer wrote:
>This *feels* like a dirty hack to me; there has to be a more cfengine way,
>but I'm not sure which method would be nicest. Any suggestions? Google
>(surprisingly) didn't give me much love with queries like "cfengine create
>user" and "cfengine manage users".
For system users:
groups:
user_X_exists = ( ReturnsZero(/bin/sh -c "/usr/bin/id -u X >& /dev/null")
)
shellcommands:
!user_X_exists.redhat::
"/usr/sbin/useradd -r -c X -s /sbin/nologin -d / -M -g nobody X
!user_X_exists.debian::
"/usr/sbin/adduser --system --gecos X --shell /bin/false --home /
--no-create-home --disabled-login --disabled-password --group nobody X"
I do it with macros, so I don't have to type all that crap for every system
user I need, and so things like home directory and default group can be
changed easily.
In a perfect world, this idiom would turn into a users: section, but alas
I've not yet had the time to write a patch.
For humans, I use LDAP, and cfengine just takes care of configuring the auth
system.
_______________________________________________
Help-cfengine mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-cfengine
