[chef] RE: Re: RE: Re: RE: Re: Setting up new accounts *without* building home directories

["Kadel-Garcia, Nico" < >]

I’ve already sent in patches to stop touch $HOME/.ssh if no SSH characteristics are set. Correctly handling the underlying ‘manage_home’ for select environments, and not using a hardcoded ‘useradd –m’,  seems just the sort of thing to justify a patch. These settings are not really environment specific: any environment that relies on network mounted home directories, detachable drives for home directories, or has NFSv3 or NFSv4 permissions interfering is at risk of having the cookbook fail outright, as it stands.

 

The suggestion of “just set your home directory to /dev/null” is simply unworkable.

 

From: Noah Kantrowitz [mailto:
Sent: Monday, June 23, 2014 7:20 PM
To:
Subject: [chef] Re: RE: Re: RE: Re: Setting up new accounts *without* building home directories

 

Just don't use the users cookbook then, sounds like your use is specific enough to write your own.

On June 23, 2014 8:32:27 AM PDT, "Kadel-Garcia, Nico" < "> > wrote:

I’m sorry, but this is not the point. The problem is not that a $HOME is set, this is appropriate for any shell enabled account. The problem is that the “enable_home” settings are hard-coded, in the ‘users’ cookbook, to enforce the use of ‘useradd –m’ when creating new accounts. If the accounts are mounted without the ability for root to create home directories, as for example if home directories are auto-mounted with wildcards in /etc/auto.home, the directory cannot be created with ‘useradd’.

 

The ‘I insist on managing $HOME/.ssh’ for accounts that do not use any of the available .ssh configuration settings is a separate, but similar problem. Auto-mounted home directories that are temporarily unavailable cause chef recipes to fail.

 

 

--
Nico Kadel-Garcia
Senior Systems Consultant
Email: ">
Cell Phone: +1.339.368.2428

 

 

 

From: Roman Kushnir [ ">mailto: ]
Sent: Thursday, June 05, 2014 6:35 AM
To: ">
Subject: [chef] Re: RE: Re: Setting up new accounts *without* building home directories

 

From what I see in the code, to disable home dir you can just set {home: "/dev/null"}

Best Regards,
Roman

 

2014-06-05 1:50 GMT+03:00 Kadel-Garcia, Nico < " target="_blank"> >:

On further review,  can see that the current but the 'users' cookbook is enforcing such settings. I don't see how to prevent it yet.

It's also pretty insistent on creating a $HOME/.ssh directory, even if no SSH settings arep provided. I can submit a patch for that more easily.


--
Nico Kadel-Garcia
Senior Systems Consultant
Email: ">
Cell Phone: +1.339.368.2428





-----Original Message-----
From: Noah Kantrowitz [mailto: "> ]
Sent: Wednesday, June 04, 2014 6:08 PM
To: ">
Subject: [chef] Re: Setting up new accounts *without* building home directories

This is the default for the user resource, but you can make it explicit if you prefer:

user 'foo' do
  supports manage_home: false
end

--Noah

On Jun 4, 2014, at 3:04 PM, "Kadel-Garcia, Nico" < "> > wrote:

> I'm going through the  'users' cookbook, and various environments, and am trying to figure out how to set 'useradd' options to *not* use the '-M' on Linux to automatically create home directories. There are all sorts of reasons not to want this: shared user homedirectories, NFS mounted homedirs that are temporarily offline, and root-squashed NFS shares on client servers are only some of them.
>
> I see where the '-m', which enforces home directory allocation, is being set up in lib/chef/provider/user/useradd.rb. But I'm afraid I'm having difficulty unfurling how to prevent it from being used at all or on an environment by environment basis.
>
> --
> Nico Kadel-Garcia
> Senior Systems Consultant
> Email: ">
> Cell Phone: +1.339.368.2428
>