
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>Account &mdash; Bcfg2 1.3.0 documentation</title>
    
    <link rel="stylesheet" href="../../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../../../',
        VERSION:     '1.3.0',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../../_static/doctools.js"></script>
    <script type="text/javascript" src="../../../_static/sidebar.js"></script>
    <link rel="shortcut icon" href="../../../_static/favicon.ico"/>
    <link rel="top" title="Bcfg2 1.3.0 documentation" href="../../../index.html" />
    <link rel="up" title="Plugins" href="../index.html" />
    <link rel="next" title="Cfg" href="cfg.html" />
    <link rel="prev" title="Deps" href="../structures/deps.html" />
 
<link rel="stylesheet" href="../../../_static/bcfg2.css" type=""/>

  </head>
  <body>

<div style="text-align: left; padding: 10px 10px 15px 15px">
<a href="../../../index.html"><img src="../../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a>
</div>

    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="../../../genindex.html" title="General Index"
             accesskey="I">index</a></li>
        <li class="right" >
          <a href="../../../py-modindex.html" title="Python Module Index"
             >modules</a> |</li>
        <li class="right" >
          <a href="cfg.html" title="Cfg"
             accesskey="N">next</a> |</li>
        <li class="right" >
          <a href="../structures/deps.html" title="Deps"
             accesskey="P">previous</a> |</li>
	<li><a href="../../../index.html">home</a> |&nbsp;</li>
	<!--<li><a href="../../../search.html">search</a> |&nbsp;</li>-->
	<li><a href="../../../help/index.html">help</a> |&nbsp;</li>
	<li><a href="../../../contents.html">documentation </a> &raquo;</li>

          <li><a href="../../../contents.html" >Bcfg2 documentation 1.3.0</a> &raquo;</li>
          <li><a href="../../index.html" >The Bcfg2 Server</a> &raquo;</li>
          <li><a href="../index.html" accesskey="U">Plugins</a> &raquo;</li> 
      </ul>
    </div>
  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">
            
  <div class="section" id="account">
<span id="server-plugins-generators-account"></span><h1>Account<a class="headerlink" href="#account" title="Permalink to this headline">¶</a></h1>
<p>The account plugin manages authentication data, including</p>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">/etc/passwd</span></tt></li>
<li><tt class="docutils literal"><span class="pre">/etc/group</span></tt></li>
<li><tt class="docutils literal"><span class="pre">/etc/security/limits.conf</span></tt></li>
<li><tt class="docutils literal"><span class="pre">/etc/sudoers</span></tt></li>
<li><tt class="docutils literal"><span class="pre">/root/.ssh/authorized_keys</span></tt></li>
</ul>
<p>User access data is stored in three files in the Account directory:</p>
<ul class="simple">
<li>superusers (a list of users who always have root privs)</li>
<li>rootlike (a list of user:host pairs for scoped root privs)</li>
<li>useraccess (a list of user:host pairs for login access)</li>
</ul>
<p>SSH keys are stored in files named $username.key; these are installed
into root&#8217;s authorized keys for users in the superusers list as well as
for the pertinent users in the rootlike file (for the current system).</p>
<p>Authentication data is read in from (static|dyn).(passwd|group). The static
files hold system-local entries, while the dyn. versions are for external
synchronization (from ldap/nis/etc). There is also a static.limits.conf
that provides the limits.conf header and any static entries.</p>
<p>Files in the Account directory:</p>
<p><tt class="docutils literal"><span class="pre">&lt;username&gt;.key</span></tt></p>
<blockquote>
<div><p><strong>Format</strong>: The SSH public key for user &lt;username&gt;.</p>
<blockquote>
<div>If the user is in the &#8220;rootlike&#8221; or &#8220;superusers&#8221; group, these
keys will be appended to <tt class="docutils literal"><span class="pre">/root/.ssh/auth</span></tt></div></blockquote>
</div></blockquote>
<p><tt class="docutils literal"><span class="pre">useraccess</span></tt></p>
<blockquote>
<div><p><strong>Format</strong>: &#8220;user:hostname&#8221; on each line.</p>
<blockquote>
<div>Describes who may log in where (via PAM&#8217;s
<tt class="docutils literal"><span class="pre">/etc/security/limits.conf</span></tt>). Everybody else will be denied
access.(?)</div></blockquote>
<p><strong>Example</strong>:</p>
<blockquote>
<div><p>If Alice should be able to access host &#8220;foo&#8221;, Bob should access
&#8220;foo&#8221; and &#8220;bar&#8221;:</p>
<div class="highlight-python"><pre>alice:foo.example.com
bob:foo.example.com
bob:bar.example.com</pre>
</div>
</div></blockquote>
</div></blockquote>
<p><tt class="docutils literal"><span class="pre">rootlike</span></tt></p>
<blockquote>
<div><p><strong>Format</strong>: &#8220;user:hostname&#8221; on each line.</p>
<blockquote>
<div>Describes who will be allowed root access where. The user may
log in via public key and use sudo.</div></blockquote>
<p><strong>Example</strong>:</p>
<blockquote>
<div><p>If Chris should be root only on host &#8220;foo&#8221;:</p>
<div class="highlight-python"><pre>chris:foo.example.com</pre>
</div>
</div></blockquote>
</div></blockquote>
<p><tt class="docutils literal"><span class="pre">superusers</span></tt></p>
<blockquote>
<div><p><strong>Format</strong>: usernames, separated by spaces or newlines. (Any whitespace that makes Python&#8217;s split() happy.)</p>
<blockquote>
<div>Describes who will be allowed root access on all hosts. The user
may log in via public key and use sudo.</div></blockquote>
<p><strong>Example</strong>:</p>
<blockquote>
<div><p>Daniel, Eve and Faith are global admins:</p>
<div class="highlight-python"><pre>daniel eve
faith</pre>
</div>
</div></blockquote>
</div></blockquote>
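<p>An audit-style illustration of the three access files described above, as an added example that is not part of Bcfg2: for one host it resolves who is listed in useraccess, who gets root through superusers or rootlike, and which $username.key files are missing for those root users. Exact hostname matching, the function names and the sample key list are assumptions of this example.</p>

```python
# Added example, not Bcfg2 code: resolve the Account access files for one host.
# Assumption: hostnames are compared exactly as written in the files.

def parse_pairs(text):
    """Parse "user:hostname" lines (useraccess / rootlike format)."""
    pairs = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        user, sep, host = line.partition(":")
        if not (sep and user.strip() and host.strip()):
            raise ValueError("line %d: expected user:hostname, got %r" % (lineno, raw))
        pairs.add((user.strip(), host.strip()))
    return pairs


def access_for_host(host, useraccess, rootlike, superusers, key_files):
    """Return who may log in, who gets root, and which root keys are missing."""
    login = {u for u, h in parse_pairs(useraccess) if h == host}
    # superusers is whitespace-separated; root applies on every host.
    root = set(superusers.split()) | {u for u, h in parse_pairs(rootlike) if h == host}
    wanted = {u + ".key" for u in root}
    return {
        "login": sorted(login),
        "root": sorted(root),
        "missing_keys": sorted(wanted - set(key_files)),
    }


# Constructed sample data, taken from the examples on this page.
USERACCESS = "alice:foo.example.com\nbob:foo.example.com\nbob:bar.example.com\n"
ROOTLIKE = "chris:foo.example.com\n"
SUPERUSERS = "daniel eve\nfaith\n"
KEY_FILES = ["chris.key", "daniel.key", "eve.key"]  # faith.key deliberately absent

if __name__ == "__main__":
    for h in ("foo.example.com", "bar.example.com"):
        print(h, access_for_host(h, USERACCESS, ROOTLIKE, SUPERUSERS, KEY_FILES))
```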
<p><tt class="docutils literal"><span class="pre">static.passwd</span></tt>, <tt class="docutils literal"><span class="pre">static.group</span></tt></p>
<blockquote>
<div><p><strong>Format</strong>: Lines from <tt class="docutils literal"><span class="pre">/etc/passwd</span></tt> or <tt class="docutils literal"><span class="pre">/etc/group</span></tt></p>
<blockquote>
<div>These entries are appended to the passwd and group files
(in addition to the auto-generated entries from &#8220;useraccess&#8221;,
&#8220;rootlike&#8221; and &#8220;superusers&#8221; above) without doing anything else.</div></blockquote>
</div></blockquote>
<p><tt class="docutils literal"><span class="pre">dyn.passwd</span></tt>, <tt class="docutils literal"><span class="pre">dyn.group</span></tt></p>
<blockquote>
<div><p><strong>Format</strong>: Lines from <tt class="docutils literal"><span class="pre">/etc/passwd</span></tt> or <tt class="docutils literal"><span class="pre">/etc/group</span></tt></p>
<blockquote>
<div>Similar to &#8220;static.*&#8221; above, but for entries that are managed &#8220;on
the network&#8221; (yp, LDAP, ...), so it is most likely periodically
(re)filled.</div></blockquote>
</div></blockquote>
<p><tt class="docutils literal"><span class="pre">static.limits.conf</span></tt></p>
<blockquote>
<div><p><strong>Format</strong>: Lines from <tt class="docutils literal"><span class="pre">/etc/security/limits.conf</span></tt></p>
<blockquote>
<div>These limits will be appended to limits.conf (in addition to
the auto-generated entries from &#8220;useraccess&#8221;, &#8220;rootlike&#8221; and
&#8220;superusers&#8221; above).</div></blockquote>
</div></blockquote>
<p><tt class="docutils literal"><span class="pre">static.sudoers</span></tt></p>
<blockquote>
<div><p><strong>Format</strong>: Lines from <tt class="docutils literal"><span class="pre">/etc/sudoers</span></tt></p>
<blockquote>
<div>These lines will be appended to the sudoers file (in addition
to the auto-generated entries from &#8220;useraccess&#8221;, &#8220;rootlike&#8221; and
&#8220;superusers&#8221; above).</div></blockquote>
</div></blockquote>
</div>


          </div>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="footer">
        &copy; Copyright 2009-2013, Narayan Desai.
      Last updated on Mar 20, 2013.
      Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
    </div>
  </body>
</html>