Hi
I have been trying to make cfengine handle user account more usefully. To
this end, I have writtne a pair of modules for parsing users and group and
then creating classes based on what it finds.
If the user "martin" account exists, a class is created of the form
"user_martin".
If the group "systems" exists, a class is created of the form
"group_systems".
If the user "martin" is a member of the group "systems" then a class of
the form "group_systems_martin" is created.
Running cfagent, I can see these classes being instantiated:
Exec module [/var/lib/cfengine2/modules/module:parseusers ]
Activated classes: user_martin
Activated classes: user_adrian
<more users snipped to protected the innocent>
*********************************************************************
Main Tree Sched: module:parsegroups pass 1 @ Tue Jan 26 07:01:02 2010
*********************************************************************
---------------------------------------------------------------------
Plug-in `module:parsegroups'
---------------------------------------------------------------------
Exec module [/var/lib/cfengine2/modules/module:parsegroups ]
Activated classes: group_root
Activated classes: group_daemon
Activated classes: group_bin
Activated classes: group_sys
Activated classes: group_adm
Activated classes: group_tty
Activated classes: group_disk
Activated classes: group_lp
Activated classes: group_mail
Activated classes: group_news
Activated classes: group_uucp
Activated classes: group_man
Activated classes: group_proxy
Activated classes: group_kmem
Activated classes: group_dialout
Activated classes: group_fax
Activated classes: group_voice
Activated classes: group_cdrom
Activated classes: group_floppy
Activated classes: group_tape
Activated classes: group_sudo
Activated classes: group_audio
Activated classes: group_dip
Activated classes: group_www_data
Activated classes: group_backup
Activated classes: group_operator
Activated classes: group_list
Activated classes: group_irc
Activated classes: group_src
Activated classes: group_gnats
Activated classes: group_shadow
Activated classes: group_utmp
Activated classes: group_video
Activated classes: group_sasl
Activated classes: group_plugdev
Activated classes: group_staff
Activated classes: group_games
Activated classes: group_users
Activated classes: group_nogroup
Activated classes: group_libuuid
Activated classes: group_crontab
Activated classes: group_ssh
Activated classes: group_mbrooks
Activated classes: group_adrian
This mostly works. I can do things like:
shellcommands:
!user_martin::
"/path/to/my/useraddscript martin"
!group_systems::
"/path/to/my/groupaddscript systems"
!group_systems_martin::
"/path/to/my/addusertogroupscript martin systems"
And so on, and sure enough the groups and users are created.
In order to simplify the configuration, all of this is in a separate file
which is imported into the main config.
Here comes the problem I'm having. I want to use this system to _remove_
user accounts for legacy users, so I added something like the following:
shellcommands:
user_evil::
"/path/to/my/deleteuserscript evil"
The result? Nothing. cfengine just skips over the clause.
To make this do what I want, I have to add this to the config:
AddInstallable = ( user_evil )
I want to manage literally dozens of users. having to explicitly list them
will be a pain in the backside. The documented reason for needing
AddInstallable doesn't seem to apply as the modules activate the classes
_before_ the import.
Have I missed something here?
Thanks
Martin.
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
