
Managing NIS users with puppet

asked 2014-08-05 05:29:21 -0500


Hi

I started using puppet for managing our RHEL servers. At this point I am trying to set up the user management. We are running a NIS environment on our campus, so until now I added the line +testuser::::: to the /etc/passwd file, which then received the user information over NIS. What I want to achieve is that I have a set of admin users (admin1, admin2 and admin3) which can log in to every machine and a set of users (user1, user2 and user3) which are different on every machine. At the end of the passwd file I need an entry line +::::::/sbin/nologin to have all users' information available but grant no access to them.

So /etc/passwd on one machine would look like
+admin1::::::
+admin2::::::
+admin3::::::
+user1::::::
+user2::::::
+::::::/sbin/nologin

and on another machine
+admin1::::::
+admin2::::::
+admin3::::::
+user1::::::
+user3::::::
+::::::/sbin/nologin

Because the admin users are rather static but the normal users vary from system to system, I thought to declare the admin users in a module and the normal users on a per node basis.

My first problem is, how to edit the /etc/passwd file to add the lines. Furthermore it's important that the sorting is correct, so that the nologin line is at the end. Do you have any idea how to achieve this in a flexible manner?

Thanks and regards Pascal


Comments

I am trying to research this too. One suggestion I had from a Puppet professional service engineer is to explore the use of access.conf.

Walid Shaari (2014-12-20 04:38:41 -0500)

1 answer


answered 2014-08-19 08:38:24 -0500

ethrbunny

There are probably several ways to approach this - a spectrum from "file per server" to something akin to using an ENC to generate the appropriate file when requested by the node.

I've seen some postings about issues generating the 'user:::::' type entries using the standard password module(s), though, so you may have to start with a (slightly) more 'primitive' approach and work up from there.

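One way to do the "primitive" file generation discussed in this thread, as an added example that is not part of the original posts: a Python helper that rebuilds the `+user` block at the end of the passwd text, keeps local accounts untouched, and always writes the catch-all line last. The names `render_passwd`, `VALID_NAME`, `SAMPLE` and `ADMINS`, the user-name policy, and the idea that the two user lists come from Puppet data are assumptions of this example.

```python
import re

# Assumed user-name policy for this example (not from the original posts).
VALID_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
CATCH_ALL = "+::::::/sbin/nologin"  # catch-all line quoted in the question


def render_passwd(current, admins, node_users):
    """Return passwd text with the NIS "+" block rebuilt at the end.

    Local accounts keep their order. Every existing line starting with "+"
    is treated as managed and regenerated, so a second run on the output
    changes nothing (idempotent).
    """
    wanted = []
    for name in list(admins) + list(node_users):
        # Reject names that could smuggle extra fields or lines into passwd.
        if not VALID_NAME.fullmatch(name):
            raise ValueError(f"refusing unsafe user name: {name!r}")
        if name not in wanted:  # de-duplicate, keep first position
            wanted.append(name)

    local = [line for line in current.splitlines()
             if line.strip() and not line.startswith("+")]
    compat = [f"+{name}::::::" for name in wanted]
    # The catch-all goes last, as the question requires.
    return "\n".join(local + compat + [CATCH_ALL]) + "\n"


# Constructed sample input: two local accounts plus a stale, badly
# ordered "+" block (catch-all before a named entry).
SAMPLE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "sshd:x:74:74::/var/empty/sshd:/sbin/nologin\n"
    "+::::::/sbin/nologin\n"
    "+user1::::::\n"
)
ADMINS = ["admin1", "admin2", "admin3"]

if __name__ == "__main__":
    print(render_passwd(SAMPLE, ADMINS, ["user1", "user2"]), end="")
```

Compare the returned text with the live file before replacing it, and write the replacement atomically (temporary file in the same directory, then rename) so a failed run never leaves a truncated /etc/passwd.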
