add group role, rename default group
66
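--- a/roles/pubnix/bin/group.sh
+++ b/roles/pubnix/bin/group.sh
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+rootdir=""
+group=""
+action=""
+
+usage() {
+echo "Usage: $0 -g group -a action"
+echo "Valid actions: present, absent"
+exit 1
+}
+
+run() {
+echo $*
+$*
+}
+
+OPTIND=1
+while getopts d:g:a: opt ; do
+case $opt in
+d)
+rootdir="$OPTARG"
+;;
+g)
+group="$OPTARG"
+;;
+a)
+action="$OPTARG"
+;;
+*)
+usage
+;;
+esac
+done
+
+shift $(($OPTIND - 1))
+
+if test -z "$group" -o -z "$action"; then
+usage
+fi
+
+root=""
+
+if test -n "$rootdir"; then
+root="-R $rootdir"
+fi
+
+case "$action" in
+present)
+if pw $root group show "$group" > /dev/null 2>&1; then
+if pw $root group show "$group" | grep -q LOCKED; then
+echo "$group exists."
+fi
+else
+run pw $root group add "$group"
+fi
+;;
+absent)
+if pw $root group show "$group" > /dev/null 2>&1; then
+run pw $root group del "$group"
+fi
+;;
+*)
+usage
+;;
+esac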
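Review bot: `run()` executes its arguments through an unquoted `$*`, so the `"$group"` quoting at the call sites in the `present` and `absent` branches is undone: a group name containing whitespace or glob characters is split or expanded again, and any extra words are parsed by `pw` as further arguments. Change the two lines in `run()` to `echo "$*"` and `"$@"`. The `-g` value is also passed on without validation; rejecting names that start with `-` or contain characters outside the expected set before any `pw` call would keep a malformed `jailgroups` entry away from a command that edits the jail's group database. In the `present` branch the `grep -q LOCKED` test looks carried over from a user-management script, so `"$group exists."` presumably never prints for an ordinary group.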
@@ -65,17 +65,17 @@
|
||||
# args:
|
||||
# creates: /usr/local/bastille/jails/{{ role_name }}/root/etc/skel
|
||||
|
||||
# these will later be used by bin/user.sh (see below) to be installed
|
||||
# into the user homes
|
||||
- name: copy user ssh keys
|
||||
copy:
|
||||
src: keys
|
||||
dest: "/usr/local/bastille/"
|
||||
|
||||
|
||||
- name: create user group
|
||||
shell: |
|
||||
pw -R {{ defaults.jailbase }}/{{ role_name }}/root group show {{ defaults.group }} ||\
|
||||
pw -R {{ defaults.jailbase }}/{{ role_name }}/root group add {{ defaults.group }}
|
||||
|
||||
# create our own group[s]
|
||||
- name: Manage groups
|
||||
loop: "{{ jailgroups }}"
|
||||
ansible.builtin.script: "bin/group.sh -g {{ item.name }} -a {{ item.state }} -d /usr/local/bastille/jails/pubnix/root"
|
||||
|
||||
# The normal ansible user module can't be used here, because we're
|
||||
# talking about jail users here. I tried to patch the module to
|
||||
@@ -86,6 +86,6 @@
|
||||
# So, instead I'm just using this simple script, which does the job as
|
||||
# well.
|
||||
- name: Manage users
|
||||
loop: "{{ users }}"
|
||||
loop: "{{ jailusers }}"
|
||||
ansible.builtin.script: "bin/user.sh -u {{ item.name }} -g '{{ item.groups | default(defaults.group) }}' -c {{ role_name }}-user -a {{ item.state }} -d {{ defaults.jailbase }}/{{ role_name }}/root"
|
||||
|
||||
|
||||
|
||||
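Review bot: The `Manage groups` task in the `@@ -65,17 +65,17 @@` hunk interpolates `{{ item.name }}` and `{{ item.state }}` into the `bin/group.sh` command line unquoted, so a value with whitespace or shell metacharacters is split, and as far as the script module hands the line to a shell, interpreted before the script sees it. The `Manage users` task in the `@@ -86,6 +86,6 @@` hunk has the same pattern for `-u {{ item.name }}` and `-a {{ item.state }}`. The new task also hard-codes `/usr/local/bastille/jails/pubnix/root`, while `Manage users` builds the same path from `defaults.jailbase` and `role_name`, so the two can drift apart and target different jail roots. I would write it as `ansible.builtin.script: "bin/group.sh -g {{ item.name | quote }} -a {{ item.state | quote }} -d {{ defaults.jailbase }}/{{ role_name }}/root"`.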