Revision 4c0728ec
Added by Alexis Mousset over 6 years ago
techniques/systemSettings/userManagement/groupManagement/5.0/groupManagement.st | ||
---|---|---|
|
||
# Enforce group content on if groupmanagement_group_${index}_enforce_content is set
|
||
"/etc/group"
|
||
edit_line => groups_file_append("${name}", "@(check_usergroup_group_parameters_grouphandle.userlist)"),
|
||
edit_line => groups_file_set("${name}", "@(check_usergroup_group_parameters_grouphandle.userlist)"),
|
||
edit_defaults => noempty_backup,
|
||
classes => rudder_common_classes("groupmanagement_group_add_${index}"),
|
||
ifvarclass => "groupmanagement_group_${index}_enforce_content.(!groupmanagement_group_${index}_absent|groupmanagement_group_add_${index}_repaired)",
|
||
comment => "Set users on the group ${name} only if the group is already present";
|
||
|
||
# Append group content on if groupmanagement_group_${index}_enforce_content is not set
|
||
"/etc/group"
|
||
edit_line => append_user_field("${name}", "4", "@(check_usergroup_group_parameters_grouphandle.userlist)"),
|
||
edit_defaults => noempty_backup,
|
||
classes => rudder_common_classes("groupmanagement_group_add_${index}"),
|
||
ifvarclass => "!groupmanagement_group_${index}_enforce_content.(!groupmanagement_group_${index}_absent|groupmanagement_group_add_${index}_repaired)",
|
||
comment => "Append users on the group ${name} only if the group is already present";
|
||
|
||
# Enforce GID if setgid has been set
|
||
"/etc/group"
|
||
create => "false",
|
||
... | ... | |
"any" usebundle => rudder_common_report("groupManagement", "result_success", "${directiveId}", "Groups", "${name}", "The group ${name} is already present and compliant with the policy"),
|
||
ifvarclass => "groupmanagement_group_add_${index}_kept.!(groupmanagement_group_add_${index}_repaired|groupmanagement_group_add_${index}_error)";
|
||
|
||
"any" usebundle => rudder_common_report("groupManagement", "result_success", "${directiveId}", "Groups", "${name}", "The group ${name} is already present and doesn't require to have its content enforced"),
|
||
ifvarclass => "!groupmanagement_group_${index}_absent.!groupmanagement_group_${index}_enforce_content.!(groupmanagement_group_add_${index}_kept.groupmanagement_group_add_${index}_repaired|groupmanagement_group_add_${index}_error)";
|
||
|
||
"any" usebundle => rudder_common_report("groupManagement", "result_repaired", "${directiveId}", "Groups", "${name}", "The group ${name} has been updated"),
|
||
ifvarclass => "groupmanagement_group_add_${index}_repaired.!(groupmanagement_group_add_${index}_kept|groupmanagement_group_add_${index}_error)";
|
||
|
||
... | ... | |
|
||
}
|
||
|
||
bundle edit_line groups_file_append(group,userlist)
|
||
bundle edit_line groups_file_set(group,userlist)
|
||
{
|
||
|
||
vars:
|
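Review bot: The append promise (`edit_line => append_user_field("${name}", "4", "@(check_usergroup_group_parameters_grouphandle.userlist)")`, guarded by `!groupmanagement_group_${index}_enforce_content`) only ever adds members, so a user later dropped from the directive's list keeps the membership in /etc/group, and neither the promise comment nor the USERGROUP_GROUP_ENFORCE_CONTENT description in metadata.xml says so. For groups that confer privileges this decides whether access is actually revoked, so I would state it at the promise, e.g. `# Append-only: members not in the list are left in place; enable content enforcement to remove them (field 4 of /etc/group is the member list)`, and add the same sentence to the LONGDESCRIPTION. Separately, if the "doesn't require to have its content enforced" report is still on the new side (the page does not show which side those lines belong to), its guard joins `_kept` and `_repaired` with `.` where the neighbouring reports use `|`. It would therefore also hold whenever the append promise sets only one of those classes, giving two reports for the same group. The bundle containing these promises starts and ends outside the lines shown.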
techniques/systemSettings/userManagement/groupManagement/5.0/metadata.xml | ||
---|---|---|
</INPUT>
|
||
<INPUT>
|
||
<NAME>USERGROUP_GROUP_ENFORCE_CONTENT</NAME>
|
||
<DESCRIPTION>Enforce content of the group</DESCRIPTION>
|
||
<DESCRIPTION>Enforce only the following users in the group</DESCRIPTION>
|
||
<LONGDESCRIPTION>Group content will be enforced even if you don't specify a user list</LONGDESCRIPTION>
|
||
<CONSTRAINT>
|
||
<TYPE>boolean</TYPE>
|
Fixes #8739: group management technique doesn't ensure optional user is in group