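# Manages the restricted login shell wrapper (sv_membersh.pl) and the
# per-command "allow" switches it is configured with.
#
# Everything deployed here is owned by root and is not writable by group or
# others, so an account confined to the restricted shell cannot edit the
# wrapper or its configuration.
class restrictshell {

    # Installs the wrapper script, its main configuration file and the
    # drop-in directory that restrictshell::allow writes into.
    class shell {
        # Drop-in directory; one allow_<name>.pl fragment per enabled command.
        file { '/etc/membersh-conf.d':
            ensure => directory,
            owner  => 'root',
            group  => 'root',
            # Quoted octal string: a bare 755 is a number, which newer Puppet
            # versions do not accept for the mode attribute.
            mode   => '0755',
        }

        # The wrapper itself, rendered from the module template.
        file { '/usr/local/bin/sv_membersh.pl':
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0755',
            content => template('restrictshell/sv_membersh.pl'),
        }

        # Main configuration, rendered from the module template.
        # NOTE(review): presumably this file is only read by the wrapper and
        # never executed directly; if so, 0644 would be enough -- confirm
        # against sv_membersh.pl before tightening.
        file { '/etc/membersh-conf.pl':
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0755',
            content => template('restrictshell/membersh-conf.pl'),
        }
    }

    # Enables one command by writing /etc/membersh-conf.d/allow_<name>.pl,
    # whose content is the Perl statement "$use_<name> = 1;".
    #
    # The resource title ends up both in a file path and inside generated
    # Perl source, so it must be a plain identifier. Anything else is
    # rejected at catalog compilation instead of being written to disk.
    define allow {
        # \A and \z anchor the whole string; ^ and $ would only anchor a line.
        if $name !~ /\A[a-z][a-z0-9_]*\z/ {
            fail("restrictshell::allow: invalid name '${name}', expected lowercase letters, digits and underscores")
        }

        include restrictshell::shell

        # NOTE(review): as with membersh-conf.pl, 0644 is probably sufficient
        # for a fragment that is only read -- confirm before changing.
        file { "/etc/membersh-conf.d/allow_${name}.pl":
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0755',
            content => "\$use_${name} = 1;\n",
        }
    }

    # yes, we could directly use the allow, but this is
    # a nicer syntax
    class allow_git {
        restrictshell::allow { 'git': }
    }

    class allow_rsync {
        restrictshell::allow { 'rsync': }
    }

    class allow_pkgsubmit {
        restrictshell::allow { 'pkgsubmit': }
    }

    class allow_svn {
        restrictshell::allow { 'svn': }
    }

    class allow_scp {
        restrictshell::allow { 'scp': }
    }

    class allow_sftp {
        restrictshell::allow { 'sftp': }
    }

    class allow_maintdb {
        restrictshell::allow { 'maintdb': }
    }

    class allow_upload_bin {
        restrictshell::allow { 'upload_bin': }
    }

    # technically, we could add cvs too
    # but I doubt we will use it one day
}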