<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>POSIXUsers — Bcfg2 1.3.0 documentation</title>
<link rel="stylesheet" href="../../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../../',
VERSION: '1.3.0',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
<script type="text/javascript" src="../../_static/sidebar.js"></script>
<link rel="shortcut icon" href="../../_static/favicon.ico"/>
<link rel="top" title="Bcfg2 1.3.0 documentation" href="../../index.html" />
<link rel="up" title="Client Tool Drivers" href="../tools.html" />
<link rel="next" title="VCS Client Tool" href="vcs.html" />
<link rel="prev" title="APT Client Tool" href="apt.html" />
<link rel="stylesheet" href="../../_static/bcfg2.css" type=""/>
</head>
<body>
<div style="text-align: left; padding: 10px 10px 15px 15px">
<a href="../../index.html"><img src="../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="vcs.html" title="VCS Client Tool"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="apt.html" title="APT Client Tool"
accesskey="P">previous</a> |</li>
<li><a href="../../index.html">home</a> | </li>
<!--<li><a href="../../search.html">search</a> | </li>-->
<li><a href="../../help/index.html">help</a> | </li>
<li><a href="../../contents.html">documentation </a> »</li>
<li><a href="../../contents.html" >Bcfg2 documentation 1.3.0</a> »</li>
<li><a href="../index.html" >The Bcfg2 Client</a> »</li>
<li><a href="../tools.html" accesskey="U">Client Tool Drivers</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="posixusers">
<span id="client-tools-posixusers"></span><h1>POSIXUsers<a class="headerlink" href="#posixusers" title="Permalink to this headline">¶</a></h1>
<p class="versionadded">
<span class="versionmodified">New in version 1.3.0.</span></p>
<p>The POSIXUsers tool handles the creation of users and groups as
defined by <tt class="docutils literal"><span class="pre">POSIXUser</span></tt> and <tt class="docutils literal"><span class="pre">POSIXGroup</span></tt> entries. For a full
description of those tags, see <a class="reference internal" href="../../server/plugins/generators/rules.html#server-plugins-generators-rules"><em>Rules</em></a>.</p>
<p>The POSIXUsers tool relies on the <tt class="docutils literal"><span class="pre">useradd</span></tt>, <tt class="docutils literal"><span class="pre">usermod</span></tt>,
<tt class="docutils literal"><span class="pre">userdel</span></tt>, <tt class="docutils literal"><span class="pre">groupadd</span></tt>, <tt class="docutils literal"><span class="pre">groupmod</span></tt>, and <tt class="docutils literal"><span class="pre">groupdel</span></tt> tools, since
there is no Python library to manage users and groups. It expects
those tools to be in <tt class="docutils literal"><span class="pre">/usr/sbin</span></tt>.</p>
<div class="section" id="primary-group-creation">
<h2>Primary group creation<a class="headerlink" href="#primary-group-creation" title="Permalink to this headline">¶</a></h2>
<p>Each user must have a primary group, which can be specified with the
<tt class="docutils literal"><span class="pre">group</span></tt> attribute of the <tt class="docutils literal"><span class="pre">POSIXUser</span></tt> tag. (If the <tt class="docutils literal"><span class="pre">group</span></tt>
attribute is not specified, then a group with the same name as the
user will be used.) If that group does not exist, the POSIXUsers tool
will create it automatically. It does this by adding a <tt class="docutils literal"><span class="pre">POSIXGroup</span></tt>
entry on the fly; this has a few repercussions:</p>
<ul class="simple">
<li>When run in interactive mode (<tt class="docutils literal"><span class="pre">-I</span></tt>), Bcfg2 will prompt for
installation of the group separately from the user.</li>
<li>The <tt class="docutils literal"><span class="pre">POSIXGroup</span></tt> entry is added to the same bundle as the
<tt class="docutils literal"><span class="pre">POSIXUser</span></tt> entry, so if the group is created, the bundle is
considered to have been modified and consequently Actions will be
run and Services will be restarted. This should never be a concern,
since the group can only be created, not modified (it has no
attributes other than its name), and if the group is being created
then the user will certainly be created or modified as well.</li>
<li>The group is created with no specified GID number. If you need to
specify a particular GID number, you must explicitly define a
<tt class="docutils literal"><span class="pre">POSIXGroup</span></tt> entry for the group.</li>
</ul>
</div>
<div class="section" id="managed-uid-gid-ranges">
<h2>Managed UID/GID Ranges<a class="headerlink" href="#managed-uid-gid-ranges" title="Permalink to this headline">¶</a></h2>
<p>In many cases, there will be users on a system that you do not want to
manage with Bcfg2, nor do you want them to be flagged as extra
entries. For example, users from an LDAP directory. In this case,
you may want to manage the local users on a machine with Bcfg2, while
leaving the LDAP users to be managed by the LDAP directory. To do
this, you can configure the UID and GID ranges that are to be managed
by Bcfg2 by setting the following options in the <tt class="docutils literal"><span class="pre">[POSIXUsers]</span></tt>
section of <tt class="docutils literal"><span class="pre">bcfg2.conf</span></tt> on the <em>client</em>:</p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">uid_whitelist</span></tt></li>
<li><tt class="docutils literal"><span class="pre">uid_blacklist</span></tt></li>
<li><tt class="docutils literal"><span class="pre">gid_whitelist</span></tt></li>
<li><tt class="docutils literal"><span class="pre">gid_blacklist</span></tt></li>
</ul>
<p>Each option takes a comma-delimited list of numeric ranges, inclusive
at both bounds, one of which may be open-ended on the upper bound,
e.g.:</p>
<div class="highlight-python"><pre>[POSIXUsers]
uid_blacklist=1000-
gid_whitelist=0-500,700-999</pre>
</div>
<p>This would tell Bcfg2 to manage all users whose uid numbers were <em>not</em>
greater than or equal to 1000, and all groups whose gid numbers were 0
<= <tt class="docutils literal"><span class="pre">gid</span></tt> <= 500 or 700 <= <tt class="docutils literal"><span class="pre">gid</span></tt> <= 999.</p>
<p>If a whitelist is provided, it will be used; otherwise, the blacklist
will be used. (I.e., if you provide both, the blacklist will be
ignored.)</p>
<p>If a user or group is added to the specification with a uid or gid in
an unmanaged range, it will produce an error.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">If you specify POSIXUser or POSIXGroup tags without an explicit
uid or gid, this will <strong>not</strong> prevent the users/groups from being
created with a uid/gid in an unmanaged range. If you want that to
happen, you will need to configure your <tt class="docutils literal"><span class="pre">useradd</span></tt>/<tt class="docutils literal"><span class="pre">groupadd</span></tt>
defaults appropriately. Note also, however, that this will not
cause Bcfg2 errors; it is only an error if a POSIXUser or
POSIXGroup has an <em>explicit</em> uid/gid in an unmanaged range.</p>
</div>
</div>
<div class="section" id="creating-a-baseline-configuration">
<h2>Creating a baseline configuration<a class="headerlink" href="#creating-a-baseline-configuration" title="Permalink to this headline">¶</a></h2>
<p>The majority of users on many systems are created by the packages that
are installed, but currently Bcfg2 cannot query the package database
to determine these users. (In some cases, this is a limitation of the
packaging system.) The often-tedious task of creating a baseline that
defines all users and groups can be simplified by use of the
<tt class="docutils literal"><span class="pre">tools/posixusers_baseline.py</span></tt> script, which outputs a bundle
containing all users and groups on the machine it’s run on.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<h3><a href="../../index.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">POSIXUsers</a><ul>
<li><a class="reference internal" href="#primary-group-creation">Primary group creation</a></li>
<li><a class="reference internal" href="#managed-uid-gid-ranges">Managed UID/GID Ranges</a></li>
<li><a class="reference internal" href="#creating-a-baseline-configuration">Creating a baseline configuration</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="apt.html"
title="previous chapter">APT Client Tool</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="vcs.html"
title="next chapter">VCS Client Tool</a></p>
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../../_sources/client/tools/posixusers.txt"
rel="nofollow">Show Source</a></li>
</ul>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="../../search.html" method="get">
<input type="text" name="q" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="../../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="vcs.html" title="VCS Client Tool"
>next</a> |</li>
<li class="right" >
<a href="apt.html" title="APT Client Tool"
>previous</a> |</li>
<li><a href="../../index.html">home</a> | </li>
<!--<li><a href="../../search.html">search</a> | </li>-->
<li><a href="../../help/index.html">help</a> | </li>
<li><a href="../../contents.html">documentation </a> »</li>
<li><a href="../../contents.html" >Bcfg2 documentation 1.3.0</a> »</li>
<li><a href="../index.html" >The Bcfg2 Client</a> »</li>
<li><a href="../tools.html" >Client Tool Drivers</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2009-2013, Narayan Desai.
Last updated on Mar 20, 2013.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
</div>
</body>
</html>
distrib
>
Fedora
>
17
>
i386
>
media
>
updates
>
by-pkgid
>
b50d8ee6d7871fcc13c0677a9364ed59
>
files
>
349
