On Nov 9, 4:53 am, Arnau Bria <arnaub...@pic.es> wrote:
> I have a script that "translates" nis users into puppet users (we don't
> want nis services in our nodes, but use autofs for its homes... long
> history) So all users already have their homes if autofs is started.
> But I'd like to "change" some nis users homes from that shared area and
> create them locally.
>
> So, I was wondering if I could define some regexpr at user default
> for creating homes for those special users.
>
> If it's not possible I'll add some file (dir) type for creating
> those homes... it's not a big deal, I asked cause I wanted to
> understand type defaults better.
I'm not sure you've fully appreciated Bruce's remarks and advice. No,
you cannot use resource defaults to achieve what you want directly,
but if the User/managehome property would have been a suitable
approach as a default then it is just as suitable when specified per-
user. In other words, why not this:
User {
ensure => present,
provider => useradd,
managehome => false
}
user { "alice":
# ...
home => "/autohome/alice"
}
user { "bob":
# ...
home => "/home/bob",
managehome => true
}
If you have resource declarations for all the users whose homedir you
want managed, and especially if those are special cases anyway, then
that's exactly the case for overriding the default managehome value
for those users.
Yes, you can set up File resources for the homedirs if you want to
manage them directly through Puppet, but you don't have to do.
With that said, if your system relies on PAM, as it probably does,
then you can make PAM create homedirs as necessary when users log in.
That might be even more convenient for you. Some Linux distributions
even provide a nice GUI for setting this up, so that you don't need to
directly tweak your PAM configuration. (On RHEL/CentOS 5, it's at
System->Administration->Authentication/Options/[Create home
directories on the first login].) If you prefer to tweak the PAM
configuration manually then you would want to insert the
pam_mkhomedir.so module early in the "session" chain of the login
service. See the docs for more detail.
Cheers,
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
