Enable changing of default umask for mkhomedir.

walkamongus · Jul 19, 2017 · f7a72a8 · f7a72a8
1 parent 28180f8
commit f7a72a8
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 12 deletions.
diff --git a/README.markdown b/README.markdown
@@ -122,6 +122,7 @@ Default values are in params.pp.
 * `realmd_package_name`: String. The name of the main Realmd package.
 * `realmd_config_file`: String. The absolute path of the Realmd configuration file.
 * `realmd_config`: Hash. A hash of configuration options structured in an ini-style format.
+* `homedir_umask`: String. A string of the umask for the default directory permissions created by mkhomedir with Debian.
 * `adcli_package_name`: String. The name of the adcli package
 * `krb_client_package_name`: String. The name of the Kerberos client package.
 * `sssd_package_name`: String. The name of the main SSSD package.

diff --git a/data/common.yaml b/data/common.yaml
@@ -3,6 +3,7 @@ realmd::realmd_package_name: realmd
 realmd::realmd_package_ensure: present
 realmd::realmd_config_file: /etc/realmd.conf
 realmd::realmd_config: {}
+realmd::homedir_umask: '0022'
 realmd::adcli_package_name: adcli
 realmd::adcli_package_ensure: present
 realmd::sssd_package_name: sssd

diff --git a/files/realmd_mkhomedir b/files/realmd_mkhomedir
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -6,6 +6,7 @@
 
   $_realmd_config      = $::realmd::realmd_config
   $_realmd_config_file = $::realmd::realmd_config_file
+  $_realmd_home_umask  = $::realmd::homedir_umask
 
   file { $_realmd_config_file:
     ensure  => file,
@@ -17,12 +18,12 @@
 
   if $::osfamily == 'Debian' {
     file { '/usr/share/pam-configs/realmd_mkhomedir':
-      ensure => file,
-      owner  => 'root',
-      group  => 'root',
-      mode   => '0644',
-      source => 'puppet:///modules/realmd/realmd_mkhomedir',
-      notify => Exec['realm-pam-auth-update'],
+      ensure  => file,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      content => template('realmd/realmd_mkhomedir.erb'),
+      notify  => Exec['realm-pam-auth-update'],
     }
 
     exec { 'realm-pam-auth-update':

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -15,6 +15,7 @@
   String $realmd_package_ensure,
   Stdlib::Absolutepath $realmd_config_file,
   Hash $realmd_config,
+  String $homedir_umask,
   String $adcli_package_name,
   String $adcli_package_ensure,
   String $krb_client_package_name,

diff --git a/templates/realmd_mkhomedir.erb b/templates/realmd_mkhomedir.erb
@@ -0,0 +1,6 @@
+Name: Make home directory for new logins
+Default: yes
+Priority: 900
+Session-Type: Additional
+Session:
+        required                        pam_mkhomedir.so umask=<%= @_realmd_home_umask %> skel=/etc/skel