<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Account — Bcfg2 1.3.0 documentation</title> <link rel="stylesheet" href="../../../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../../', VERSION: '1.3.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../../../_static/jquery.js"></script> <script type="text/javascript" src="../../../_static/underscore.js"></script> <script type="text/javascript" src="../../../_static/doctools.js"></script> <script type="text/javascript" src="../../../_static/sidebar.js"></script> <link rel="shortcut icon" href="../../../_static/favicon.ico"/> <link rel="top" title="Bcfg2 1.3.0 documentation" href="../../../index.html" /> <link rel="up" title="Plugins" href="../index.html" /> <link rel="next" title="Cfg" href="cfg.html" /> <link rel="prev" title="Deps" href="../structures/deps.html" /> <link rel="stylesheet" href="../../../_static/bcfg2.css" type=""/> </head> <body> <div style="text-align: left; padding: 10px 10px 15px 15px"> <a href="../../../index.html"><img src="../../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../../../genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="../../../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="cfg.html" title="Cfg" accesskey="N">next</a> |</li> <li class="right" > <a href="../structures/deps.html" title="Deps" accesskey="P">previous</a> |</li> <li><a 
href="../../../index.html">home</a> | </li> <!--<li><a href="../../../search.html">search</a> | </li>--> <li><a href="../../../help/index.html">help</a> | </li> <li><a href="../../../contents.html">documentation </a> »</li> <li><a href="../../../contents.html" >Bcfg2 documentation 1.3.0</a> »</li> <li><a href="../../index.html" >The Bcfg2 Server</a> »</li> <li><a href="../index.html" accesskey="U">Plugins</a> »</li> </ul> </div> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <div class="section" id="account"> <span id="server-plugins-generators-account"></span><h1>Account<a class="headerlink" href="#account" title="Permalink to this headline">¶</a></h1> <p>The account plugin manages authentication data, including:</p> <ul class="simple"> <li><tt class="docutils literal"><span class="pre">/etc/passwd</span></tt></li> <li><tt class="docutils literal"><span class="pre">/etc/group</span></tt></li> <li><tt class="docutils literal"><span class="pre">/etc/security/limits.conf</span></tt></li> <li><tt class="docutils literal"><span class="pre">/etc/sudoers</span></tt></li> <li><tt class="docutils literal"><span class="pre">/root/.ssh/authorized_keys</span></tt></li> </ul> <p>User access data is stored in three files in the Account directory:</p> <ul class="simple"> <li>superusers (a list of users who always have root privileges)</li> <li>rootlike (a list of user:host pairs for scoped root privileges)</li> <li>useraccess (a list of user:host pairs for login access)</li> </ul> <p>SSH keys are stored in files named $username.key; these are installed into root’s authorized keys for users in the superusers list as well as for the pertinent users in the rootlike file (for the current system).</p> <p>Authentication data is read in from (static|dyn).(passwd|group). The static files hold system-local entries, while the dyn versions are for external synchronization (from LDAP/NIS/etc.).
There is also a static.limits.conf that provides the limits.conf header and any static entries.</p> <p>Files in the Account directory:</p> <p><tt class="docutils literal"><span class="pre">&lt;username&gt;.key</span></tt></p> <blockquote> <div><p><strong>Format</strong>: The SSH public key for user &lt;username&gt;.</p> <blockquote> <div>If the user is in the “rootlike” or “superusers” group, these keys will be appended to <tt class="docutils literal"><span class="pre">/root/.ssh/auth</span></tt></div></blockquote> </div></blockquote> <p><tt class="docutils literal"><span class="pre">useraccess</span></tt></p> <blockquote> <div><p><strong>Format</strong>: “user:hostname” on each line.</p> <blockquote> <div>Describes who may log in where (via PAM’s <tt class="docutils literal"><span class="pre">/etc/security/limits.conf</span></tt>). Everybody else will be denied access.(?)</div></blockquote> <p><strong>Example</strong>:</p> <blockquote> <div><p>If Alice should be able to access host “foo”, and Bob should be able to access “foo” and “bar”:</p> <div class="highlight-python"><pre>alice:foo.example.com
bob:foo.example.com
bob:bar.example.com</pre> </div> </div></blockquote> </div></blockquote> <p><tt class="docutils literal"><span class="pre">rootlike</span></tt></p> <blockquote> <div><p><strong>Format</strong>: “user:hostname” on each line.</p> <blockquote> <div>Describes who will be allowed root access where. The user may log in via public key and use sudo.</div></blockquote> <p><strong>Example</strong>:</p> <blockquote> <div><p>If Chris should be root only on host “foo”:</p> <div class="highlight-python"><pre>chris:foo.example.com</pre> </div> </div></blockquote> </div></blockquote> <p><tt class="docutils literal"><span class="pre">superusers</span></tt></p> <blockquote> <div><p><strong>Format</strong>: usernames, separated by spaces or newlines. (Any whitespace that makes Python’s split() happy.)</p> <blockquote> <div>Describes who will be allowed root access on all hosts.
The user may log in via public key and use sudo.</div></blockquote> <p><strong>Example</strong>:</p> <blockquote> <div><p>Daniel, Eve and Faith are global admins:</p> <div class="highlight-python"><pre>daniel eve faith</pre> </div> </div></blockquote> </div></blockquote> <p><tt class="docutils literal"><span class="pre">static.passwd</span></tt>, <tt class="docutils literal"><span class="pre">static.group</span></tt></p> <blockquote> <div><p><strong>Format</strong>: Lines from <tt class="docutils literal"><span class="pre">/etc/passwd</span></tt> or <tt class="docutils literal"><span class="pre">/etc/group</span></tt></p> <blockquote> <div>These entries are appended to the passwd and group files (in addition to the auto-generated entries from “useraccess”, “rootlike” and “superusers” above) without doing anything else.</div></blockquote> </div></blockquote> <p><tt class="docutils literal"><span class="pre">dyn.passwd</span></tt>, <tt class="docutils literal"><span class="pre">dyn.group</span></tt></p> <blockquote> <div><p><strong>Format</strong>: Lines from <tt class="docutils literal"><span class="pre">/etc/passwd</span></tt> or <tt class="docutils literal"><span class="pre">/etc/group</span></tt></p> <blockquote> <div>Similar to “static.*” above, but for entries that are managed “on the network” (yp, LDAP, ...), so these files are most likely periodically (re)filled.</div></blockquote> </div></blockquote> <p><tt class="docutils literal"><span class="pre">static.limits.conf</span></tt></p> <blockquote> <div><p><strong>Format</strong>: Lines from <tt class="docutils literal"><span class="pre">/etc/security/limits.conf</span></tt></p> <blockquote> <div>These limits will be appended to limits.conf (in addition to the auto-generated entries from “useraccess”, “rootlike” and “superusers” above).</div></blockquote> </div></blockquote> <p><tt class="docutils literal"><span class="pre">static.sudoers</span></tt></p> <blockquote> <div><p><strong>Format</strong>: Lines from <tt 
class="docutils literal"><span class="pre">/etc/sudoers</span></tt></p> <blockquote> <div>These lines will be appended to the sudoers file (in addition to the auto-generated entries from “useraccess”, “rootlike” and “superusers” above).</div></blockquote> </div></blockquote> </div> </div> </div> </div> <div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h4>Previous topic</h4> <p class="topless"><a href="../structures/deps.html" title="previous chapter">Deps</a></p> <h4>Next topic</h4> <p class="topless"><a href="cfg.html" title="next chapter">Cfg</a></p> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="../../../_sources/server/plugins/generators/account.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="../../../search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name. 
</p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <div class="clearer"></div> </div> <div class="footer"> © Copyright 2009-2013, Narayan Desai. Last updated on Mar 20, 2013. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div> </body> </html>