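# Copyright 2021 Northern.tech AS

# This file is part of CFEngine 3 - written and maintained by Northern.tech AS.

# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; version 3.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA

# To the extent this program is licensed as part of the Enterprise
# versions of Cfengine, the applicable Commercial Open Source License
# (COSL) may apply to this file if you as a licensee so wish it. See
# included file COSL.txt.

########################################################
#
# Insert users into the passwd file of a system by
# extracting named users from a master file - repeat
# for /etc/shadow
#
# When this is repeated for /etc/shadow the intermediate
# file holds password hashes: keep it out of world-writable
# directories and restrict its permissions to the owner.
#
########################################################

body common control

{
      bundlesequence  => { "updateusers" };
}

########################################################

bundle agent updateusers

{
  vars:

      # Set $(testing) to "" for production

      "testing" string => "/home/mark/tmp";
      "tmp"     string => "$(testing)/etc/passwd_tmp";

      "extract_users" slist => { "mark", "root", "at", "www-run" };

      # Line selection below is a plain prefix match. Matching on the bare
      # name would also select any account whose name merely begins with a
      # listed one (for example "at" would select every "at..." account),
      # so the passwd field separator is appended to pin the whole first field.

      "user_prefixes" slist => maplist("$(this):", "extract_users");

  files:

      #
      # Copy the selected passwd entries from the master file into the
      # intermediate file $(tmp)
      #

      "$(tmp)"

      create => "true",
      edit_line => SelectUsers("$(testing)/masterfiles/passwd","@(this.user_prefixes)");

      #
      # Apply the intermediate file to the passwd file. The intermediate
      # file should be secure - not in /tmp
      #

      "$(testing)/etc/passwd"

      edit_line => ReplaceUsers("$(tmp)","@(this.user_prefixes)");

      #
      # One home directory per extracted user (implicit iteration over
      # the extract_users list)
      #

      "$(testing)/home/$(extract_users)/."

      create => "true",
      perms => userdir("$(extract_users)");
}

########################################################
# Library stuff
########################################################

# Permissions for a home directory owned by user u.
# Mode 755 leaves the directory listable and traversable by every local user.

body perms userdir(u)
{
      mode => "755";
      owners => { "$(u)" };
      groups => { "users" };
}

########################################################

# Insert into the edited file those lines of file f that start with
# one of the prefixes in list l.

bundle edit_line SelectUsers(f,l)
{
  insert_lines:

      "$(f)"

      insert_type => "file",
      insert_select => keep("@(l)");
}

########################################################

# Delete lines selected by discard(l), then insert the content of file f.
#
# NOTE(review): the delete_lines promiser here is the path held in $(f),
# not a line pattern - confirm this promise selects the lines intended.
# NOTE(review): discard() selects lines that do NOT start with a listed
# prefix - confirm that accounts outside the list are meant to be removed
# before $(testing) is set to "".

bundle edit_line ReplaceUsers(f,l)
{
  delete_lines:

      "$(f)"
      delete_select => discard("@(l)");

  insert_lines:

      "$(f)"

      insert_type => "file";
}

########################################################

# Select lines for insertion when they start with an entry of list s.

body insert_select keep(s)
{
      insert_if_startwith_from_list => { @(s) };
}

########################################################

# Select lines for deletion when they do not start with any entry of list s.

body delete_select discard(s)
{
      delete_if_not_startwith_from_list => { @(s) };
}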