author: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-01-18 11:05:37 -0500
committer: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-01-18 11:05:37 -0500
commit: 84b9fabb4895b38eeddefdcc417301e8ae1befc4 (patch)
tree: a409a3e9ac6eac1f30f562a8cae27e4571807032 /doc
parent: 661d1f6d2789e855eff4fca38e6f4a0a564da728 (diff)
parent: 3d78a3a1c00035c9d8c49b949b63e8f05f31c7a1 (diff)
Merge branch 'master' into 1.3.1
Conflicts: src/lib/Bcfg2/Server/Plugins/Properties.py
Diffstat (limited to 'doc')
-rw-r--r-- doc/client/tools/posixusers.txt 47
1 files changed, 46 insertions, 1 deletions
diff --git a/doc/client/tools/posixusers.txt b/doc/client/tools/posixusers.txt
index 5fa2feb9c..45536632f 100644
--- a/doc/client/tools/posixusers.txt
+++ b/doc/client/tools/posixusers.txt
@@ -40,6 +40,52 @@ entry on the fly; this has a few repercussions:
specify a particular GID number, you must explicitly define a
``POSIXGroup`` entry for the group.
+Managed UID/GID Ranges
+======================
+
+In many cases, there will be users on a system that you do not want to
+manage with Bcfg2, nor do you want them to be flagged as extra
+entries. For example, users from an LDAP directory. In this case,
+you may want to manage the local users on a machine with Bcfg2, while
+leaving the LDAP users to be managed by the LDAP directory. To do
+this, you can configure the UID and GID ranges that are to be managed
+by Bcfg2 by setting the following options in the ``[POSIXUsers]``
+section of ``bcfg2.conf`` on the *client*:
+
+* ``uid_whitelist``
+* ``uid_blacklist``
+* ``gid_whitelist``
+* ``gid_blacklist``
+
+Each option takes a comma-delimited list of numeric ranges, inclusive
+at both bounds, one of which may be open-ended on the upper bound,
+e.g.::
+
+ [POSIXUsers]
+ uid_blacklist=1000-
+ gid_whitelist=0-500,700-999
+
+This would tell Bcfg2 to manage all users whose uid numbers were *not*
+greater than or equal to 1000, and all groups whose gid numbers were 0
+<= ``gid`` <= 500 or 700 <= ``gid`` <= 999.
+
+If a whitelist is provided, it will be used; otherwise, the blacklist
+will be used. (I.e., if you provide both, the blacklist will be
+ignored.)
+
+If a user or group is added to the specification with a uid or gid in
+an unmanaged range, it will produce an error.
+
+.. note::
+
+ If you specify POSIXUser or POSIXGroup tags without an explicit
+ uid or gid, this will **not** prevent the users/groups from being
+ created with a uid/gid in an unmanaged range. If you want that to
+ happen, you will need to configure your ``useradd``/``groupadd``
+ defaults appropriately. Note also, however, that this will not
+ cause Bcfg2 errors; it is only an error if a POSIXUser or
+ POSIXGroup has an *explicit* uid/gid in an unmanaged range.
+
Creating a baseline configuration
=================================
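Review bot: In the closing ``.. note::``, "If you want that to happen" has no clear antecedent, because the sentence before it describes what will **not** be prevented. Say outright that keeping auto-assigned ids inside the managed ranges requires setting the ``useradd``/``groupadd`` defaults, and state the consequence of not doing so: a POSIXUser or POSIXGroup without an explicit uid/gid can be created in an unmanaged range, where, going by the opening paragraph of this section, it would presumably be neither managed nor flagged as extra. Smaller points in the same hunk: "*not* greater than or equal to 1000" in the explanation of the example reads more easily as "less than 1000"; "one of which may be open-ended on the upper bound" leaves unclear whether only one open-ended range is allowed per list; and the text does not say what is managed when none of the four options is set.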
@@ -50,4 +96,3 @@ packaging system.) The often-tedious task of creating a baseline that
defines all users and groups can be simplified by use of the
``tools/posixusers_baseline.py`` script, which outputs a bundle
containing all users and groups on the machine it's run on.
-