I've come a fair bit in my puppet testing now, but one thing I lack is a user_attr type. I.e. a way to update the /etc/user_attr file using puppet.

This is what I have in mind for the syntax:

    user_attr { "martin":
        type     => normal,
        roles    => [
            "root",
            "admin"
        ],
        profiles => "Zone Management",
        auths    => [
            "solaris.mail.mailq",
            "solaris.system.shutdown"
        ]
    }

One thing I haven't figured out yet is whether the definitions should be absolute, i.e. if the entry must be exactly like the definition, or if it is enough that the listed values are present. In the above example, should the role list be exactly root,admin or should it just make sure that those two roles are in the list and you can have the role audit too. Perhaps it would be good to be able to use the absent/present syntax on individual items?

I haven't decided if I'm going to manage the other user attributes too, e.g. project, defaultpriv, limitpriv and lock_after_retries. I will probably leave that for a later release...
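
The absolute-versus-minimum question above, as an added Ruby example that is not part of the original post or of Puppet: it parses a constructed entry in the user_attr(4) layout (user:qualifier:res1:res2:attr) and applies the proposed definition both ways. The method names and the mode: and absent: options are hypothetical.

```ruby
# Added illustration; method names and the mode:/absent: options are hypothetical.
LIST_KEYS = %w[roles profiles auths].freeze

# Constructed sample entry in user_attr(4) layout: user:qualifier:res1:res2:attr
SAMPLE_LINE = 'martin::::type=normal;roles=root,audit;auths=solaris.mail.mailq'
DESIRED = {
  'type' => 'normal', 'roles' => %w[root admin], 'profiles' => 'Zone Management',
  'auths' => %w[solaris.mail.mailq solaris.system.shutdown]
}.freeze

# Split one entry into its five fields and the key=value pairs of the attr field.
def parse_user_attr(line)
  user, qualifier, res1, res2, attr = line.chomp.split(':', 5)
  attrs = {}
  attr.to_s.split(';').each do |pair|
    key, value = pair.split('=', 2)
    next if key.nil? || key.empty?
    attrs[key] = LIST_KEYS.include?(key) ? value.to_s.split(',') : value.to_s
  end
  { user: user, qualifier: qualifier, res1: res1, res2: res2, attrs: attrs }
end

# :exact replaces each managed list; :minimum only adds what is missing.
# absent: names individual list items that must not be present, in either mode.
def reconcile(current, desired, mode: :minimum, absent: {})
  result = current.dup
  desired.each do |key, want|
    if LIST_KEYS.include?(key)
      result[key] = mode == :exact ? Array(want) : (current.fetch(key, []) | Array(want))
    else
      result[key] = want.to_s
    end
  end
  absent.each { |key, drop| result[key] = result.fetch(key, []) - Array(drop) if LIST_KEYS.include?(key) }
  result
end

# Serialize back to one line, dropping attributes whose value ended up empty.
def format_user_attr(entry, attrs)
  fields = attrs.reject { |_, v| v.empty? }
                .map { |k, v| "#{k}=#{Array(v).join(',')}" }
  [entry[:user], entry[:qualifier], entry[:res1], entry[:res2], fields.join(';')].join(':')
end

entry = parse_user_attr(SAMPLE_LINE)
puts format_user_attr(entry, reconcile(entry[:attrs], DESIRED, mode: :minimum))
puts format_user_attr(entry, reconcile(entry[:attrs], DESIRED, mode: :exact))
```

With :minimum the existing audit role survives; with :exact it is removed, so only exact management reverts role grants made outside the manifest.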