Module: PuppetX::SystemUsers
Defined in: lib/puppetx/system_users.rb
Class Method Summary
- .disable_overrides ⇒ Object
  Called to update the system if changes are needed.
- .get_homedirs ⇒ Object
  Find the home directories in use on this system by looking for unique directories in /etc/passwd.
- .get_targets ⇒ Object
Class Method Details
.disable_overrides ⇒ Object
Called to update the system if changes are needed.
# File 'lib/puppetx/system_users.rb', line 42
def self.disable_overrides()
  get_targets().each { |f|
    # (concurrency) check the file didn't vanish after we found it
    # (correctness) make sure we munged the target correctly
    if File.exist?(f) # File.exists? was removed in Ruby 3.2
      Puppet.notice("Disabling #{f}")
      File.chown(0, nil, f) # owner becomes root, group is left unchanged
      File.chmod(0000, f)   # remove every permission bit
    else
      Puppet.notice("Requested lockdown of file #{f} but it does not exist")
    end
  }
  return :overrides_disabled
end
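The loop above checks a path and then changes it by name, inside home directories that their owners can write to, and File.chown and File.chmod follow a symlink found at that name. An added example (not code from this module) of the same lockdown done through a single descriptor opened with O_NOFOLLOW; lock_down, its owner_uid parameter and the file names used in demo are assumptions made for illustration.

```ruby
require 'tmpdir'

# Hypothetical helper, not part of PuppetX::SystemUsers.
# Opens the path once and applies ownership and mode to that descriptor,
# so the inode that was checked is the inode that gets changed.
def lock_down(path, owner_uid: 0)
  # NOFOLLOW: refuse a symlink as the final path component.
  # NONBLOCK: do not hang if the name turns out to be a FIFO.
  flags = File::RDONLY | File::NOFOLLOW | File::NONBLOCK
  File.open(path, flags) do |fh|
    return :not_regular unless fh.stat.file? # fstat on the open descriptor
    fh.chown(owner_uid, nil)                 # fchown: group left unchanged
    fh.chmod(0o000)                          # fchmod: no second path lookup
    :locked
  end
rescue Errno::ELOOP, Errno::EMLINK
  :symlink_refused # final component was a symlink; its target is untouched
rescue Errno::ENOENT
  :vanished        # file disappeared between discovery and lockdown
end

# Constructed demo: a temporary "home" holding a regular file, a symlink
# to another file, and one name that does not exist. The names are sample
# values, not the module's FILES_TO_DISABLE list. owner_uid is the current
# user so the demo also runs unprivileged; a real run would keep the default 0.
def demo
  Dir.mktmpdir do |home|
    victim = File.join(home, 'victim')
    File.write(victim, "keep\n")
    File.chmod(0o600, victim)
    File.write(File.join(home, '.rhosts'), "placeholder\n")
    File.symlink(victim, File.join(home, '.shosts'))
    results = %w[.rhosts .shosts .netrc].to_h do |name|
      [name, lock_down(File.join(home, name), owner_uid: Process.euid)]
    end
    results.merge(
      'rhosts_mode' => File.stat(File.join(home, '.rhosts')).mode & 0o777,
      'victim_mode' => File.stat(victim).mode & 0o777
    )
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

O_NOFOLLOW only covers the last path component, so this assumes the home directory path itself comes from a trusted source.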
.get_homedirs ⇒ Object
Find the home directories in use on this system by looking for unique directories in /etc/passwd.
# File 'lib/puppetx/system_users.rb', line 8
def self.get_homedirs()
  if File.exist?(SystemUsersConstants::PASSWD_FILE)
    # skip entirely whitespace or commented out
    list = File.readlines(SystemUsersConstants::PASSWD_FILE).reject { |line|
      line =~ /^\s+$/ or line =~ /^#/
    }.map do |line|
      line.split(':')[5] # sixth field of a passwd entry is the home directory
    end
    # drop nil from entries with fewer than six fields; sort cannot compare nil
    list.compact.uniq.sort
  else
    raise "#{SystemUsersConstants::PASSWD_FILE} file not found"
  end
end
.get_targets ⇒ Object
# File 'lib/puppetx/system_users.rb', line 22
def self.get_targets()
  targets = []
  get_homedirs().each { |homedir|
    SystemUsersConstants::FILES_TO_DISABLE.each { |f|
      munged_filename = File.join(homedir, f)
      if File.exist?(munged_filename)
        stat = File.stat(munged_filename)
        if stat.uid != 0
          # not owned by root yet
          targets.push(munged_filename)
        elsif ("%03o" % (stat.mode & 0777)) != '000'
          # owned by root but still carries permission bits
          targets.push(munged_filename)
        end
      end
    }
  }
  targets.sort
end