Fixed #2645 - Added support for creating system users

On Red Hat, Ubuntu, Debian and deriatives the -r flag allows creation of "system" users with a UID below that defined in /etc/login.defs. This commit adds support for a system parameter and a system_users feature which can be used like so: user { "foo": system => true, ensure => present, } This will create a user with a lower UID. The system parameter defaults to false.
author: James Turnbull <james@lovedthanlost.net> 2011-03-09 17:56:37 +1100
committer: James Turnbull <james@lovedthanlost.net> 2011-03-09 17:56:37 +1100
commit: 4bd54939ceb4c588b1633117d88472fe48e9dfdf (patch)
tree: 9f4219830b3b463f0f5c4c0b9716b8cecd0c01fb
parent: d24e32a19648d7a97c329fc3a5c4277f05cc5b04 (diff)
download: puppet-4bd54939ceb4c588b1633117d88472fe48e9dfdf.tar.gz
puppet-4bd54939ceb4c588b1633117d88472fe48e9dfdf.tar.xz
puppet-4bd54939ceb4c588b1633117d88472fe48e9dfdf.zip
4 files changed, 57 insertions, 4 deletions
diff --git a/lib/puppet/provider/user/useradd.rb b/lib/puppet/provider/user/useradd.rb
index ba406cc63..b87971738 100644
--- a/lib/puppet/provider/user/useradd.rb
+++ b/lib/puppet/provider/user/useradd.rb
@@ -19,7 +19,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     value !~ /\s/
   end
 
-  has_features :manages_homedir, :allows_duplicates, :manages_expiry
+  has_features :manages_homedir, :allows_duplicates, :manages_expiry, :system_users
 
   has_features :manages_passwords, :manages_password_age if Puppet.features.libshadow?
 
@@ -46,6 +46,10 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     cmd
   end
 
+  def check_system_users
+    @resource.system? ? ["-r"] : []
+  end
+
   def add_properties
     cmd = []
     Puppet::Type.type(:user).validproperties.each do |property|
@@ -66,6 +70,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     cmd += check_allow_dup
     cmd += check_manage_home
     cmd += check_manage_expiry
+    cmd += check_system_users
     cmd << @resource[:name]
   end
 
diff --git a/lib/puppet/type/user.rb b/lib/puppet/type/user.rb
index e7389a0d1..dcba181fe 100755
--- a/lib/puppet/type/user.rb
+++ b/lib/puppet/type/user.rb
@@ -34,6 +34,9 @@ module Puppet
     feature :manages_expiry,
       "The provider can manage the expiry date for a user."
 
+   feature :system_users,
+     "The provider allows you to create system users with lower UIDs."
+
     newproperty(:ensure, :parent => Puppet::Property::Ensure) do
       newvalue(:present, :event => :user_created) do
         provider.create
@@ -230,6 +233,14 @@ module Puppet
       defaultto :minimum
     end
 
+    newparam(:system, :boolean => true) do
+      desc "Whether the user is a system user with lower UID."
+
+      newvalues(:true, :false)
+
+      defaultto false
+    end
+
     newparam(:allowdupe, :boolean => true) do
       desc "Whether to allow duplicate UIDs."
 
diff --git a/spec/unit/provider/user/useradd_spec.rb b/spec/unit/provider/user/useradd_spec.rb
index 9ebba596c..81ad7d400 100755
--- a/spec/unit/provider/user/useradd_spec.rb
+++ b/spec/unit/provider/user/useradd_spec.rb
@@ -15,6 +15,7 @@ describe provider_class do
   # #1360
   it "should add -o when allowdupe is enabled and the user is being created" do
     @resource.expects(:allowdupe?).returns true
+    @resource.expects(:system?).returns true
     @provider.stubs(:execute)
     @provider.expects(:execute).with { |args| args.include?("-o") }
     @provider.create
@@ -27,6 +28,14 @@ describe provider_class do
     @provider.uid = 150
   end
 
+  it "should add -r when system is enabled" do
+    @resource.expects(:allowdupe?).returns true
+    @resource.expects(:system?).returns true
+    @provider.stubs(:execute)
+    @provider.expects(:execute).with { |args| args.include?("-r") }
+    @provider.create
+  end
+
   it "should set password age rules" do
     provider_class.has_feature :manages_password_age
     @resource = Puppet::Type.type(:user).new :name => "myuser", :password_min_age => 5, :password_max_age => 10, :provider => :useradd
@@ -53,6 +62,23 @@ describe provider_class do
     end
   end
 
+  describe "when checking to add system users" do
+    it "should check system users" do
+      @resource.expects(:system?)
+      @provider.check_system_users
+    end
+
+    it "should return an array with a flag if it's a system user" do
+      @resource.stubs(:system?).returns true
+      @provider.check_system_users.must == ["-r"]
+    end
+
+    it "should return an empty array if it's not a system user" do
+      @resource.stubs(:system?).returns false
+      @provider.check_system_users.must == []
+    end
+  end
+
   describe "when checking manage home" do
     it "should check manage home" do
       @resource.expects(:managehome?)
@@ -88,6 +114,7 @@ describe provider_class do
     before do
       @resource.stubs(:allowdupe?).returns true
       @resource.stubs(:managehome?).returns true
+      @resource.stubs(:system?).returns true
     end
 
     it "should call command with :add" do
@@ -105,6 +132,11 @@ describe provider_class do
       @provider.addcmd
     end
 
+    it "should check and add if it's a system user" do
+      @provider.expects(:check_system_users).returns([])
+      @provider.addcmd
+    end
+
     it "should check and add if home is managed" do
       @provider.expects(:check_manage_home).returns([])
       @provider.addcmd
@@ -120,15 +152,15 @@ describe provider_class do
       @provider.stubs(:add_properties).returns(["-G", "somegroup"])
       @resource.stubs(:[]).with(:name).returns("someuser")
       @resource.stubs(:[]).with(:expiry).returns("somedate")
-      @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", '-e somedate', "someuser"]
+      @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", '-e somedate', "-r", "someuser"]
     end
 
-    it "should return an array without -e if expery is undefined full command" do
+    it "should return an array without -e if expiry is undefined full command" do
       @provider.stubs(:command).with(:add).returns("useradd")
       @provider.stubs(:add_properties).returns(["-G", "somegroup"])
       @resource.stubs(:[]).with(:name).returns("someuser")
       @resource.stubs(:[]).with(:expiry).returns nil
-      @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", "someuser"]
+      @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", "-r", "someuser"]
     end
   end
 
@@ -136,6 +168,7 @@ describe provider_class do
     before do
       @resource.stubs(:allowdupe?).returns true
       @resource.stubs(:managehome?).returns true
+      @resource.stubs(:system?).returns true
     end
 
     it "should call command with :pass" do
diff --git a/spec/unit/type/user_spec.rb b/spec/unit/type/user_spec.rb
index 297134446..5a84af443 100755
--- a/spec/unit/type/user_spec.rb
+++ b/spec/unit/type/user_spec.rb
@@ -43,6 +43,10 @@ describe user do
     user.provider_feature(:manages_password_age).should_not be_nil
   end
 
+  it "should have a system_users feature" do
+    user.provider_feature(:system_users).should_not be_nil
+  end
+
   describe "instances" do
     it "should have a valid provider" do
       user.new(:name => "foo").provider.class.ancestors.should be_include(Puppet::Provider)
author	James Turnbull <james@lovedthanlost.net>	2011-03-09 17:56:37 +1100
committer	James Turnbull <james@lovedthanlost.net>	2011-03-09 17:56:37 +1100
commit	4bd54939ceb4c588b1633117d88472fe48e9dfdf (patch)
tree	9f4219830b3b463f0f5c4c0b9716b8cecd0c01fb
parent	d24e32a19648d7a97c329fc3a5c4277f05cc5b04 (diff)
download	puppet-4bd54939ceb4c588b1633117d88472fe48e9dfdf.tar.gz puppet-4bd54939ceb4c588b1633117d88472fe48e9dfdf.tar.xz puppet-4bd54939ceb4c588b1633117d88472fe48e9dfdf.zip