Release 10.3.0 #120
|
@ -30,6 +30,7 @@ The **patch** part changes incrementally at each release.
|
||||||
* apt: disable APT Periodic
|
* apt: disable APT Periodic
|
||||||
* evoacme: upstream release 20.12
|
* evoacme: upstream release 20.12
|
||||||
* evocheck: upstream release 20.12
|
* evocheck: upstream release 20.12
|
||||||
|
* evolinux-users: improve uid/login checks
|
||||||
* tomcat-instance: fail if uid already exists
|
* tomcat-instance: fail if uid already exists
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
|
@ -2,20 +2,41 @@
|
||||||
|
|
||||||
# Unix account
|
# Unix account
|
||||||
|
|
||||||
|
- fail:
|
||||||
|
msg: "You must provide a value for the 'user.name ' variable."
|
||||||
|
when: user.name is not defined or user.name == ''
|
||||||
|
|
||||||
|
- fail:
|
||||||
|
msg: "You must provide a value for the 'user.uid ' variable."
|
||||||
|
when: user.uid is not defined or user.uid == ''
|
||||||
|
|
||||||
- name: "Test if '{{ user.name }}' exists"
|
- name: "Test if '{{ user.name }}' exists"
|
||||||
command: 'getent passwd {{ user.name }}'
|
command: 'id -u "{{ user.name }}"'
|
||||||
register: loginisbusy
|
register: get_id_from_login
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
- name: "Test if uid exists for '{{ user.name }}'"
|
- name: "Test if uid '{{ user.uid }}' exists"
|
||||||
command: 'getent passwd {{ user.uid }}'
|
command: 'id -un -- "{{ user.uid }}"'
|
||||||
register: uidisbusy
|
register: get_login_from_id
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
|
# Error if
|
||||||
|
# the uid already exists
|
||||||
|
# and the user associated with this uid is not the desired user
|
||||||
|
- name: "Fail if uid already exists for another user"
|
||||||
|
fail:
|
||||||
|
msg: "Uid '{{ user.uid }}' is already used by '{{ get_login_from_id.stdout }}'. You must change uid for '{{ user.name }}'"
|
||||||
|
when:
|
||||||
|
- get_login_from_id.rc == 0
|
||||||
|
- get_login_from_id.stdout != user.name
|
||||||
|
|
||||||
|
# Create/Update the user account with defined uid if
|
||||||
|
# the user doesn't already exist and the uid isn't already used
|
||||||
|
# or the user exists with the defined uid
|
||||||
- name: "Unix account for '{{ user.name }}' is present (with uid '{{ user.uid }}')"
|
- name: "Unix account for '{{ user.name }}' is present (with uid '{{ user.uid }}')"
|
||||||
user:
|
user:
|
||||||
state: present
|
state: present
|
||||||
|
@ -24,11 +45,13 @@
|
||||||
comment: '{{ user.fullname }}'
|
comment: '{{ user.fullname }}'
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
password: '{{ user.password_hash }}'
|
password: '{{ user.password_hash }}'
|
||||||
update_password: on_create
|
update_password: "on_create"
|
||||||
when:
|
when:
|
||||||
- loginisbusy.rc != 0
|
- (get_id_from_login.rc != 0 and get_login_from_id.rc != 0) or (get_id_from_login.rc == 0 and get_login_from_id.stdout == user.name)
|
||||||
- uidisbusy.rc != 0
|
|
||||||
|
|
||||||
|
# Create/Update the user account without defined uid if
|
||||||
|
# the user doesn't already exist but the defined uid is already used
|
||||||
|
# or another user already exists with a the same uid
|
||||||
- name: "Unix account for '{{ user.name }}' is present (with random uid)"
|
- name: "Unix account for '{{ user.name }}' is present (with random uid)"
|
||||||
user:
|
user:
|
||||||
state: present
|
state: present
|
||||||
|
@ -36,10 +59,9 @@
|
||||||
comment: '{{ user.fullname }}'
|
comment: '{{ user.fullname }}'
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
password: '{{ user.password_hash }}'
|
password: '{{ user.password_hash }}'
|
||||||
update_password: on_create
|
update_password: "on_create"
|
||||||
when:
|
when:
|
||||||
- loginisbusy.rc != 0
|
- (get_id_from_login.rc != 0 and get_login_from_id.rc == 0) or (get_id_from_login.rc == 0 and get_login_from_id.stdout != user.name)
|
||||||
- uidisbusy.rc == 0
|
|
||||||
|
|
||||||
- name: Is /etc/aliases present?
|
- name: Is /etc/aliases present?
|
||||||
stat:
|
stat:
|
||||||
|
|
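Review bot: The first half of the new `when:` on the "with random uid" task, `get_id_from_login.rc != 0 and get_login_from_id.rc == 0`, looks unreachable, because the added "Fail if uid already exists for another user" task stops the play whenever the uid resolves to a login other than `user.name`. The comment above that task still says it covers "the user doesn't already exist but the defined uid is already used", so the file states two different intents for a uid collision; since accounts sharing a uid share file ownership, the comment should say that a collision aborts the run. The condition can then shrink to `- get_id_from_login.rc == 0 and get_login_from_id.rc != 0`. Separately, the login lookup lacks the `--` that the uid lookup has; `command: 'id -u -- "{{ user.name }}"'` keeps a value starting with `-` from being parsed as an option. Both `user:` tasks are only partly visible across the hunks, so this assumes their hidden lines do not change the picture.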