General discussion about Chef

[chef] RE: Re: RE: Re: Setting up new accounts *without* building home directories


Chronological Thread 
  • From: "Kadel-Garcia, Nico" < >
  • To: " " < >
  • Subject: [chef] RE: Re: RE: Re: Setting up new accounts *without* building home directories
  • Date: Mon, 23 Jun 2014 15:32:27 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;

I’m sorry, but this is not the point. The problem is not that a $HOME is set, this is appropriate for any shell enabled account. The problem is that the “enable_home” settings are hard-coded, in the ‘users’ cookbook, to enforce the use of ‘useradd –m’ when creating new accounts. If the accounts are mounted without the ability for root to create home directories, as for example if home directories are auto-mounted with wildcards in /etc/auto.home, the directory cannot be created with ‘useradd’.

 

The ‘I insist on managing $HOME/.ssh’ for accounts that do not use any of the available .ssh configuration settings is a separate, but similar problem. Auto-mounted home directories that are temporarily unavailable cause chef recipes to fail.

 

 

--
Nico Kadel-Garcia
Senior Systems Consultant
Email:
Cell Phone: +1.339.368.2428

 

 

 

From: Roman Kushnir [mailto:
Sent: Thursday, June 05, 2014 6:35 AM
To:
Subject: [chef] Re: RE: Re: Setting up new accounts *without* building home directories

 

From what I see in the code, to disable home dir you can just set {home: "/dev/null"}


Best Regards,
Roman

 

2014-06-05 1:50 GMT+03:00 Kadel-Garcia, Nico < " target="_blank"> >:

On further review,  can see that the current but the 'users' cookbook is enforcing such settings. I don't see how to prevent it yet.

It's also pretty insistent on creating a $HOME/.ssh directory, even if no SSH settings arep provided. I can submit a patch for that more easily.


--
Nico Kadel-Garcia
Senior Systems Consultant
Email: ">
Cell Phone: +1.339.368.2428





-----Original Message-----
From: Noah Kantrowitz [mailto: "> ]
Sent: Wednesday, June 04, 2014 6:08 PM
To: ">
Subject: [chef] Re: Setting up new accounts *without* building home directories

This is the default for the user resource, but you can make it explicit if you prefer:

user 'foo' do
  supports manage_home: false
end

--Noah

On Jun 4, 2014, at 3:04 PM, "Kadel-Garcia, Nico" < "> > wrote:

> I'm going through the  'users' cookbook, and various environments, and am trying to figure out how to set 'useradd' options to *not* use the '-M' on Linux to automatically create home directories. There are all sorts of reasons not to want this: shared user homedirectories, NFS mounted homedirs that are temporarily offline, and root-squashed NFS shares on client servers are only some of them.
>
> I see where the '-m', which enforces home directory allocation, is being set up in lib/chef/provider/user/useradd.rb. But I'm afraid I'm having difficulty unfurling how to prevent it from being used at all or on an environment by environment basis.
>
> --
> Nico Kadel-Garcia
> Senior Systems Consultant
> Email: ">
> Cell Phone: +1.339.368.2428
>

 


Archive powered by MHonArc 2.6.16.

§