From 19402a47cde972ed7ea2dfc95bc0e3d887500036 Mon Sep 17 00:00:00 2001 From: Nigel Metheringham Date: Sun, 4 Nov 2012 09:44:38 +0000 Subject: [PATCH 1/4] Ensure user owns their ssh key directory on creation Lost section from commit 8049777 --- library/user | 1 + 1 file changed, 1 insertion(+) diff --git a/library/user b/library/user index 06dc717780b..c699f8db136 100755 --- a/library/user +++ b/library/user @@ -430,6 +430,7 @@ class User(object): if not os.path.exists(ssh_dir): try: os.mkdir(ssh_dir, 0700) + os.chown(ssh_dir, info[2], info[3]) except OSError, e: return (1, '', 'Failed to create %s: %s' % (ssh_dir, str(e))) if os.path.exists(ssh_key_file): From 75a2b2ba2dd02d8a09bcb4a053c7c86fb8118295 Mon Sep 17 00:00:00 2001 From: Nigel Metheringham Date: Sun, 4 Nov 2012 09:47:30 +0000 Subject: [PATCH 2/4] Use the existing framework when running ssh_keygen --- library/user | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/user b/library/user index c699f8db136..7bd7c5a89ff 100755 --- a/library/user +++ b/library/user @@ -450,9 +450,7 @@ class User(object): else: cmd.append('') - p = subprocess.Popen(cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - (out, err) = p.communicate() - rc = p.returncode + (rc, out, err) = self.execute_command(cmd) if rc == 0: # If the keys were successfully created, we should be able # to tweak ownership. From 1ab1c8d37411d7a771dfb3eccb34ef34def4f7c5 Mon Sep 17 00:00:00 2001 From: Nigel Metheringham Date: Sun, 4 Nov 2012 09:54:50 +0000 Subject: [PATCH 3/4] Take SHADOWFILE from existing user object rather than class --- library/user | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/user b/library/user index 7bd7c5a89ff..961b17b35a5 100755 --- a/library/user +++ b/library/user @@ -407,8 +407,8 @@ class User(object): return passwd else: # Read shadow file for user's encrypted password string - if os.path.exists(User.SHADOWFILE) and os.access(User.SHADOWFILE, os.R_OK): - for line in open(User.SHADOWFILE).readlines(): + if os.path.exists(self.SHADOWFILE) and os.access(self.SHADOWFILE, os.R_OK): + for line in open(self.SHADOWFILE).readlines(): if line.startswith('%s:' % self.name): passwd = line.split(':')[1] return passwd From f905e751ac3209b158000aff950c1cf6ae837249 Mon Sep 17 00:00:00 2001 From: Nigel Metheringham Date: Sun, 4 Nov 2012 12:09:19 +0000 Subject: [PATCH 4/4] FreeBSD user mod only fires when there are changes Also fix missing -G on groups change --- library/user | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/library/user b/library/user index 961b17b35a5..afa2364aed5 100755 --- a/library/user +++ b/library/user @@ -568,6 +568,7 @@ class FreeBsdUser(User): 'usermod', '-n', self.name ] + cmd_len = len(cmd) info = self.user_info() if self.uid is not None and info[2] != int(self.uid): @@ -614,15 +615,19 @@ class FreeBsdUser(User): groups_need_mod = True if groups_need_mod: + cmd.append('-G') new_groups = groups if self.append: new_groups.append(current_groups) cmd.append(','.join(new_groups)) - # modify the user - (rc, out, err) = self.execute_command(cmd) - if rc is not None and rc != 0: - module.fail_json(name=self.name, msg=err, rc=rc) + # modify the user if cmd will do anything + if cmd_len != len(cmd): + (rc, out, err) = self.execute_command(cmd) + if rc is not None and rc != 0: + module.fail_json(name=self.name, msg=err, rc=rc) + else: + (rc, out, err) = (None, '', '') # we have to set the password in a second command if self.password is not None and info[1] != self.password: