Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # --------------------------------------------------------
- #
- # View information for use 'logcheck' using passwd and group files
- #
- # --------------------------------------------------------
- # cat /etc/passwd | grep logcheck
- logcheck:x:102:104:logcheck system account,,,:/var/lib/logcheck:/bin/false
- # cat /etc/group | grep logcheck
- adm:x:4:logcheck
- mail:x:8:logcheck
- logcheck:x:104:
- # --------------------------------------------------------
- #
- # How I want 'logcheck' user to be configured via BCFG2.
- # I tried to set this so that it matches the existing user.
- #
- # --------------------------------------------------------
- # cat /var/lib/bcfg2/Properties/accounts.xml
- <Properties>
- <!-- Make sure logcheck is a member of the mail group. By default
- "he" isn't. On our system logcheck needs to be, or "he" won't be
- able to send mail via sSMTP due to permissions on the ssmtp
- config file related to the presence of a non-critical clear-text
- password.
- -->
- <UnixUser name='logcheck'
- uid='102'
- group='logcheck'
- gid='104'
- gecos='logcheck system account'
- home='/var/lib/logcheck'
- shell='/bin/false'
- extra_groups='adm mail' />
- </Properties>
- # --------------------------------------------------------
- #
- # Running bcfg2 in dry run mode gives no output or indication that
- # the user 'logcheck' needs any changing
- #
- # --------------------------------------------------------
- # bcfg2 -vn
- Running probe accounts
- Probe accounts has result:
- U:root:0:root:root@tsw-policy:/root:/bin/bash:
- U:daemon:1:daemon:daemon:/usr/sbin:/bin/sh:
- U:bin:2:bin:bin:/bin:/bin/sh:
- U:sys:3:sys:sys:/dev:/bin/sh:
- U:sync:4:nogroup:sync:/bin:/bin/sync:
- U:games:5:games:games:/usr/games:/bin/sh:
- U:man:6:man:man:/var/cache/man:/bin/sh:
- U:lp:7:lp:lp:/var/spool/lpd:/bin/sh:
- U:mail:8:mail:mail:/var/mail:/bin/sh:
- U:news:9:news:news:/var/spool/news:/bin/sh:
- U:uucp:10:uucp:uucp:/var/spool/uucp:/bin/sh:
- U:proxy:13:proxy:proxy:/bin:/bin/sh:
- U:www-data:33:www-data:www-data:/var/www:/bin/sh:
- U:backup:34:backup:backup:/var/backups:/bin/sh:
- U:list:38:list:Mailing List Manager:/var/list:/bin/sh:
- U:irc:39:irc:ircd:/var/run/ircd:/bin/sh:
- U:gnats:41:gnats:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh:
- U:nobody:65534:nogroup:nobody:/nonexistent:/bin/sh:
- U:libuuid:100:libuuid::/var/lib/libuuid:/bin/sh:
- U:sshd:101:nogroup::/var/run/sshd:/usr/sbin/nologin:
- U:logcheck:102:logcheck:logcheck system account,,,:/var/lib/logcheck:/bin/false:
- adm mail
- G:root:0
- G:daemon:1
- G:bin:2
- G:sys:3
- G:adm:4
- G:tty:5
- G:disk:6
- G:lp:7
- G:mail:8
- G:news:9
- G:uucp:10
- G:man:12
- G:proxy:13
- G:kmem:15
- G:dialout:20
- G:fax:21
- G:voice:22
- G:cdrom:24
- G:floppy:25
- G:tape:26
- G:sudo:27
- G:audio:29
- G:dip:30
- G:www-data:33
- G:backup:34
- G:operator:37
- G:list:38
- G:irc:39
- G:src:40
- G:gnats:41
- G:shadow:42
- G:utmp:43
- G:video:44
- G:sasl:45
- G:plugdev:46
- G:staff:50
- G:games:60
- G:users:100
- G:nogroup:65534
- G:libuuid:101
- G:crontab:102
- G:ssh:103
- G:logcheck:104
- Running probe groups
- Probe groups has result:
- group:amd64
- Loaded tool drivers:
- APT Action DebInit POSIX
- Phase: initial
- Correct entries: 253
- Incorrect entries: 0
- Total managed entries: 253
- Unmanaged entries: 5
- Phase: final
- Correct entries: 253
- Incorrect entries: 0
- Total managed entries: 253
- Unmanaged entries: 5
- # --------------------------------------------------------
- #
- # Running bcfg not in dry-run mode suddenly wants to make a change
- # to the 'logcheck' user, but why? If I am correctly interpreting the
- # usermod command it wants to run, this will have no effect on the system.
- #
- # Doesn't the bcfg2-accounts plugin query the system and check the existing
- # user accounts before issuing the command to usermod?
- #
- # --------------------------------------------------------
- # bcfg2 -I
- Run Action usermod logcheck, /usr/sbin/usermod -m -u '102' -g 'logcheck' -G 'adm,mail' -d '/var/lib/logcheck' -s '/bin/false' -c 'logcheck system account' 'logcheck': (y/N): N
Add Comment
Please, Sign In to add comment