On Monday, April 4, 2016 at 8:23:11 AM UTC-5, Patrick G. wrote:
>
> I don't need to create the user, just /home/<username>/.ssh, because the 
> user exists in LDAP.
> So how do I give access to puppet to create only /home/admin/.ssh?
>

As I wrote earlier, it's unclear whether yours is in fact an access control 
problem at all, but that seems one of the less likely possibilities.  If it 
turns out indeed to be the problem, then as, again, I wrote earlier, you 
need to more precisely identify the nature of the problem before you or we 
can solve it.  But do read on ....

If you are not managing a User resource for 'admin' -- which is not related to 
whether you use LDAP as an account and credential database -- then yours is 
a trivial case of the one in which your local user management subsystem 
does not support managing user home directories.  As I wrote before, in 
that case you may need to manage the user's home directory explicitly.  And 
by that, I mean you *do* need to manage the user home directory (e.g. 
/home/admin) directly if you cannot otherwise rely on it to be present.  
Furthermore, you need to establish a relationship between home directory 
and key to ensure that the directory is synced first.  For example, 
something like this:

# Make sure the home directory exists before any keys are written under it
file { '/home/admin':
  ensure => 'directory',
  owner  => 'admin',
  group  => 'admin',
  mode   => '0750',
}

File['/home/admin'] -> Ssh_authorized_key<| user == 'admin' |>

There's a bit of an issue surrounding where (which class in which module) 
something like that should go, and I haven't the visibility into your 
manifest set to make any recommendations about that.  Furthermore, I 
reiterate that that is an *example*.  Your specific situation may require a 
variation on that, or even an altogether different approach that 
accomplishes the same thing.


John

