Managing entries in /etc/group (membership)


Forrie

Oct 17, 2011, 6:04:26 PM
to Puppet Users
I have a requirement to manage membership to groups in /etc/group.
These members do not need to be virtual users. I don't see a way to
do this through virtual users @group. How are others doing this?

Christopher Wood

Oct 17, 2011, 6:18:59 PM
to puppet...@googlegroups.com
The user type allows you to specify supplemental groups (see the groups parameter). Is that what you were looking for?

http://docs.puppetlabs.com/references/stable/type.html#user

Forrie

Oct 17, 2011, 6:48:33 PM
to Puppet Users
I want to manage the membership of the /etc/group entry -- this is
just until we get things moved into LDAP -- so there aren't any
virtual users to be connected with it. I had thought there was a
function to work with this, I could be mistaken.

Christopher Wood

Oct 17, 2011, 6:50:17 PM
to puppet...@googlegroups.com
If you're using ldap, why not handle groups there?

Forrie

Oct 17, 2011, 6:54:06 PM
to Puppet Users
We aren't using LDAP yet...

Christopher Wood

Oct 17, 2011, 9:14:23 PM
to puppet...@googlegroups.com
Perhaps I misunderstand your situation, but it seems to me that:

1) local users now
response: puppetize user/group handling via manifests

2) ldap users in future
response: move user/group handling to ldap when you start using ldap

What is your situation?

Luke Bigum

Oct 18, 2011, 4:27:42 AM
to Puppet Users
If I understand your problem correctly, no, there is no native
resource type in Puppet to manage a UNIX group, ie: this does not
exist:

group { "wheel":
  members => "luke",
}

To manage group membership you need to know about every user you want
in every group. So if what you mean by "not having virtual users"
means you don't currently have any native User resources in Puppet
then you'd need to create them. They don't need to be virtual:

user { 'luke':
  ensure => 'present',
  groups => ['wheel', 'audio', 'mock'],
}

The other option is you use augeas to manage user entries, the example
below adds a user to a group:

augtool> print /files/etc/group/wheel
/files/etc/group/wheel
/files/etc/group/wheel/password = "x"
/files/etc/group/wheel/gid = "10"
/files/etc/group/wheel/user[1] = "root"
/files/etc/group/wheel/user[2] = "support"
/files/etc/group/wheel/user[3] = "biguml"
augtool> set /files/etc/group/wheel/user[last()+1] "woof"
augtool> print /files/etc/group/wheel
/files/etc/group/wheel
/files/etc/group/wheel/password = "x"
/files/etc/group/wheel/gid = "10"
/files/etc/group/wheel/user[1] = "root"
/files/etc/group/wheel/user[2] = "support"
/files/etc/group/wheel/user[3] = "biguml"
/files/etc/group/wheel/user[4] = "woof"

To do that in a Puppet resource you'd do this:

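augeas { "woof_in_wheel_group":
  changes => [ 'set /files/etc/group/wheel/user[last()+1] woof', ],
  # onlyif takes an Augeas get/match expression, not a shell command.
  # Apply the change only when woof is not already listed in wheel.
  onlyif  => "match /files/etc/group/wheel/user[. = 'woof'] size == 0",
}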

You could easily turn that into a custom define to reuse it easily.

Hope that helps,

-Luke
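
One way to write the reusable define mentioned at the end of the reply above, added here as an example; it is not code from the thread or from Puppet itself. The define name local_group_member and its parameters are hypothetical, and it assumes Puppet 4 or later (for the parameter data types) and that the group already exists in /etc/group.

```puppet
# Hypothetical define (not part of Puppet): manage one user's membership of
# one local group by editing /etc/group through Augeas.
# Assumption: the group entry already exists; this never creates groups.
define local_group_member (
  # The names are interpolated into an Augeas path expression, so restrict
  # them to a conservative user/group name pattern before use.
  Pattern[/\A[a-z_][a-z0-9_-]*\z/] $user,
  Pattern[/\A[a-z_][a-z0-9_-]*\z/] $group,
  Enum['present', 'absent']        $ensure = 'present',
) {
  $entry  = "/files/etc/group/${group}"
  $member = "${entry}/user[. = '${user}']"

  if $ensure == 'present' {
    # last()+1 always appends, so guard it: append only when the user is
    # not already listed, otherwise every run would add a duplicate.
    augeas { "add_${user}_to_${group}":
      changes => "set ${entry}/user[last()+1] ${user}",
      onlyif  => "match ${member} size == 0",
    }
  } else {
    # Remove every occurrence of the user from the member list, and only
    # touch the file when there is something to remove.
    augeas { "remove_${user}_from_${group}":
      changes => "rm ${member}",
      onlyif  => "match ${member} size > 0",
    }
  }
}

# Usage: the constructed names below mirror the example in the thread.
local_group_member { 'woof_in_wheel':
  user  => 'woof',
  group => 'wheel',
}

# Explicitly keep an account out of a privileged group.
local_group_member { 'support_not_in_wheel':
  ensure => 'absent',
  user   => 'support',
  group  => 'wheel',
}
```

The define only manages the members it is told about; other names already present in the group line are left untouched, so it does not by itself detect unexpected additions to a privileged group such as wheel.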