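# Manages the membersh files: the /usr/local/bin/sv_membersh.pl script, its
# main configuration /etc/membersh-conf.pl and the drop-in directory
# /etc/membersh-conf.d. Everything is owned by root:root so that only root
# can change the script or the switches it reads.
class restrictshell {
    # Base resources shared by every restrictshell::allow instance.
    class shell {
        # Drop-in directory; each restrictshell::allow writes one file here.
        file { '/etc/membersh-conf.d':
            ensure => directory,
            owner  => root,
            group  => root,
            # Modes are quoted octal strings: a bare number is rejected by
            # newer Puppet releases and is easy to misread as decimal.
            mode   => '0755',
        }

        # The script itself, rendered from the module template.
        file { '/usr/local/bin/sv_membersh.pl':
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0755',
            content => template('restrictshell/sv_membersh.pl'),
        }

        # Main configuration, rendered from the module template.
        # NOTE(review): this is a configuration file, so the execute bits are
        # probably unnecessary; 0644 would be the least-privilege mode if
        # sv_membersh.pl only reads it -- confirm against the script.
        file { '/etc/membersh-conf.pl':
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0755',
            content => template('restrictshell/membersh-conf.pl'),
        }
    }

    # Enables one service by writing /etc/membersh-conf.d/allow_<name>.pl
    # containing the single Perl statement "$use_<name> = 1;".
    #
    # The resource title is the service name (for example "git").
    define allow {
        # The title is interpolated into a file path and into Perl source, so
        # it is restricted to characters that form a plain identifier. Anything
        # else (slashes, quotes, semicolons, whitespace) would change the path
        # or the statement written to the file.
        if $name !~ /\A[A-Za-z0-9_]+\z/ {
            fail("restrictshell::allow: invalid name '${name}', only letters, digits and underscores are accepted")
        }

        # Fully qualified so that an unrelated top-level "shell" class can
        # never be picked up in its place.
        include restrictshell::shell

        # NOTE(review): same remark as for /etc/membersh-conf.pl -- the execute
        # bits look unnecessary on a one-line configuration snippet; confirm.
        file { "/etc/membersh-conf.d/allow_${name}.pl":
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0755',
            content => "\$use_${name} = 1;\n",
        }
    }

    # yes, we could directly use the allow, but this is
    # a nicer syntax
    class allow_git {
        restrictshell::allow { 'git': }
    }

    class allow_rsync {
        restrictshell::allow { 'rsync': }
    }

    class allow_pkgsubmit {
        restrictshell::allow { 'pkgsubmit': }
    }

    class allow_svn {
        restrictshell::allow { 'svn': }
    }

    class allow_scp {
        restrictshell::allow { 'scp': }
    }

    class allow_sftp {
        restrictshell::allow { 'sftp': }
    }

    class allow_maintdb {
        restrictshell::allow { 'maintdb': }
    }
    # technically, we could add cvs too
    # but I doubt we will use it one day
}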