Puppet Class: system_users::lock_inactive

Defined in:
manifests/lock_inactive.pp

Summary

Lock users who have been inactive for a certain period

Overview

Lock users who have been inactive for a certain period:

Solaris

1. set `definact` in `/usr/sadm/defadduser`
2. `useradd -D`

RHEL

* set `INACTIVE=` in `/etc/default/useradd`

Parameters:

  • period (Integer) (defaults to: 30)

    How long to wait before locking a user (days)



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'manifests/lock_inactive.pp', line 13

class system_users::lock_inactive(
  Integer $period = 30
) {

  # SOLARIS
  case $facts['os']['family'] {
    "Solaris" : {
      $defaults_file  = "/usr/sadm/defadduser"
      $exec_title     = "rebuild ${defaults_file}"

      file {$defaults_file:
        ensure => present,
        owner  => "root",
        group  => "root",
        mode   => "0600",
      }
      file_line { "${defaults_file} definact":
        ensure => present,
        path   => $defaults_file,
        line   => "definact=${period}",
        match  => "^definact=",
        notify => Exec[$exec_title]
      }
      exec { $exec_title:
        command     => "useradd -D",
        refreshonly => true,
        path        => ["/usr/sbin", "/sbin", "/usr/bin", "/bin"],
      }
    }
    "RedHat": {
      # rhel
      file_line { "lock inactive users":
        ensure => present,
        match  => 'INACTIVE=',
        path   => '/etc/default/useradd',
        line   => "INACTIVE=${period}",
      }
    }
    default: {
      fail("class ${name} does not support ${facts['os']['family']}")
    }
  }
}