Commit 91142192 authored by mh's avatar mh

remove user_provider and make the group of the rootdir the group of the user

parent a84e1ffd
# Manages common things amongst webhostings
# user_provider:
# - local: user will be crated locally (*default*)
# - everything else will currently do noting
# user_access:
# - sftp: an sftp only user will be created (*default*)
# wwwmail:
# With a local user_provider this will include the web run user in a group called wwwmailers.
# This makes it easier to enable special rights on a webserver's mailserver to this group.
# This will include the web run user in a group called wwwmailers.
# This makes it easier to enable special rights on a webserver's mailserver to
# this group.
# - default: false
define webhosting::common(
$ensure = present,
......@@ -15,7 +13,6 @@ define webhosting::common(
$uid_name = 'absent',
$gid = 'uid',
$gid_name = 'absent',
$user_provider = 'local',
$user_access = 'sftp',
$password = 'absent',
$password_crypted = true,
......@@ -63,7 +60,7 @@ define webhosting::common(
$vhost_path = "/var/www/vhosts/${name}"
if ($user_provider == 'local') and ($user_access == 'sftp') {
if ($user_access == 'sftp') {
$real_uid = $uid ? {
'iuid' => iuid($real_uid_name,'webhosting'),
default => $uid
......@@ -83,89 +80,83 @@ define webhosting::common(
include ::apache::sftponly
}
case $run_mode {
'fcgid','static': {
if ($user_access == 'sftp') {
if ($ensure != 'absent') {
User::Sftp_only[$real_uid_name]{
homedir_mode => '0755',
}
}
user::groups::manage_user{
"apache_in_${real_gid_name}":
group => $real_gid_name,
user => 'apache',
if $run_mode in ['fcgid','static'] {
if ($user_access == 'sftp') {
if ($ensure != 'absent') {
User::Sftp_only[$real_uid_name]{
homedir_mode => '0750',
}
}
user::groups::manage_user{
"apache_in_${real_gid_name}":
group => $real_gid_name,
user => 'apache',
}
User::Groups::Manage_user["apache_in_${real_gid_name}"]{
ensure => $ensure,
}
if $ensure == 'present' {
User::Groups::Manage_user["apache_in_${real_gid_name}"]{
ensure => $ensure,
}
if $ensure == 'present' {
User::Groups::Manage_user["apache_in_${real_gid_name}"]{
require => User::Sftp_only[$real_uid_name],
}
require => User::Sftp_only[$real_uid_name],
}
}
}
}
case $run_mode {
'fcgid': {
if ($run_uid=='absent') and ($ensure != 'absent') {
fail("you need to define run_uid for ${name} on ${::fqdn} to use fcgid")
}
if ($user_provider == 'local') {
$real_run_uid = $run_uid ? {
'iuid' => iuid($real_run_uid_name,'webhosting'),
default => $run_uid,
}
$shell = $::operatingsystem ? {
/^(Debian|Ubuntu)$/ => '/usr/sbin/nologin',
default => '/sbin/nologin',
}
user::managed{$real_run_uid_name:
ensure => $ensure,
manage_group => false,
managehome => false,
homedir => $vhost_path,
uid => $real_run_uid,
shell => $shell,
if $run_mode == 'fcgid' {
if ($run_uid=='absent') and ($ensure != 'absent') {
fail("you need to define run_uid for ${name} on ${::fqdn} to use fcgid")
}
$real_run_uid = $run_uid ? {
'iuid' => iuid($real_run_uid_name,'webhosting'),
default => $run_uid,
}
$shell = $::operatingsystem ? {
/^(Debian|Ubuntu)$/ => '/usr/sbin/nologin',
default => '/sbin/nologin',
}
user::managed{$real_run_uid_name:
ensure => $ensure,
manage_group => false,
managehome => false,
homedir => $vhost_path,
uid => $real_run_uid,
shell => $shell,
}
if ($user_access == 'sftp') {
if ($ensure == 'absent') {
User::Managed[$real_run_uid_name]{
before => User::Sftp_only[$real_uid_name],
}
if ($user_access == 'sftp') {
if ($ensure == 'absent') {
User::Managed[$real_run_uid_name]{
before => User::Sftp_only[$real_uid_name],
}
} else {
User::Managed[$real_run_uid_name]{
require => User::Sftp_only[$real_uid_name],
}
}
} else {
User::Managed[$real_run_uid_name]{
require => User::Sftp_only[$real_uid_name],
}
}
}
if $wwwmail {
user::groups::manage_user{
"${real_run_uid_name}_in_wwwmailers":
ensure => $ensure,
group => 'wwwmailers',
user => $real_run_uid_name,
}
if ($ensure == 'present') {
require ::webhosting::wwwmailers
User::Groups::Manage_user["${real_run_uid_name}_in_wwwmailers"]{
require => User::Managed[$real_run_uid_name],
}
}
}
if ($ensure == 'present') {
$rreal_run_gid = $real_run_gid ? {
'iuid' => iuid($real_uid_name,'webhosting'),
default => $real_run_gid,
}
User::Managed[$real_run_uid_name]{
gid => $rreal_run_gid,
}
if $wwwmail {
user::groups::manage_user{
"${real_run_uid_name}_in_wwwmailers":
ensure => $ensure,
group => 'wwwmailers',
user => $real_run_uid_name,
}
if ($ensure == 'present') {
require ::webhosting::wwwmailers
User::Groups::Manage_user["${real_run_uid_name}_in_wwwmailers"]{
require => User::Managed[$real_run_uid_name],
}
}
}
if ($ensure == 'present') {
$rreal_run_gid = $real_run_gid ? {
'iuid' => iuid($real_uid_name,'webhosting'),
default => $real_run_gid,
}
User::Managed[$real_run_uid_name]{
gid => $rreal_run_gid,
}
}
}
if $nagios_check != 'unmanaged' {
......
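Review bot: The `homedir_mode => '0750'` override and the `apache_in_${real_gid_name}` membership are both set only inside `if $run_mode in ['fcgid','static']` with `$user_access == 'sftp'`, while the other defines in this commit make `$real_gid_name` the vhost group for every run mode. For the remaining run modes the web server's access to the docroot then depends on defaults of `User::Sftp_only` and of the vhost defines, which are not visible here, so it should be confirmed rather than assumed. A comment above the override would record the coupling, for example `# 0750: no access for others; apache reads the docroot via its membership in ${real_gid_name}, managed below`. The body of `webhosting::common` continues outside these hunks.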
......@@ -2,9 +2,6 @@
# - www: add as well a www.${name} entry
# - absent: do nothing
# - default: add the string
# user_provider:
# - local: user will be crated locally (*default*)
# - everything else will currently do noting
# run_mode:
# - normal: nothing special (*default*)
# - fcgid: apache is running with the fcgid module and suexec
......@@ -24,7 +21,6 @@ define webhosting::modperl(
$uid_name = 'absent',
$gid = 'uid',
$gid_name = 'absent',
$user_provider = 'local',
$password = 'absent',
$password_crypted = true,
$domain = 'absent',
......@@ -32,7 +28,7 @@ define webhosting::modperl(
$server_admin = 'absent',
$logmode = 'default',
$owner = root,
$group = 'sftponly',
$group = 'absent',
$run_mode = 'normal',
$run_uid = 'absent',
$run_uid_name = 'absent',
......@@ -69,6 +65,11 @@ define webhosting::modperl(
} else {
$real_gid_name = $gid_name
}
if ($group == 'absent') {
$real_group = $real_gid_name
} else {
$real_group = 'apache'
}
webhosting::common{$name:
ensure => $ensure,
configuration => $configuration,
......@@ -76,7 +77,6 @@ define webhosting::modperl(
uid_name => $real_uid_name,
gid => $gid,
gid_name => $real_gid_name,
user_provider => $user_provider,
password => $password,
password_crypted => $password_crypted,
htpasswd_file => $htpasswd_file,
......@@ -101,7 +101,7 @@ define webhosting::modperl(
domainalias => $domainalias,
server_admin => $server_admin,
logmode => $logmode,
group => $group,
group => $real_group,
allow_override => $allow_override,
do_includes => $do_includes,
options => $options,
......@@ -138,18 +138,14 @@ define webhosting::modperl(
run_uid => $real_run_uid_name,
run_gid => $real_run_gid_name,
}
if ($user_provider == 'local') {
Apache::Vhost::Modperl[$name]{
require => [ User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name] ],
}
Apache::Vhost::Modperl[$name]{
require => [ User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name] ],
}
}
default: {
if ($user_provider == 'local') {
Apache::Vhost::Modperl[$name]{
require => User::Sftp_only[$real_uid_name],
}
Apache::Vhost::Modperl[$name]{
require => User::Sftp_only[$real_uid_name],
}
}
}
......
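Review bot: The new `else` branch assigns `$real_group = 'apache'`, so any explicit `group` value a caller passes is discarded and the rootdir ends up group-owned by `apache` instead; that includes callers that still pass the former default `'sftponly'`. The passenger and php defines in this same commit keep the caller's value in that branch, and this define should match them: `$real_group = $group`. The same branch appears in the drupal, gallery2, joomla, mediawiki and silverstripe sections. The header comment for the `group` parameter is not in the hunk; if it exists it should state that `'absent'` now resolves to the group of the hosting user.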
......@@ -2,9 +2,6 @@
# - www: add as well a www.${name} entry
# - absent: do nothing
# - default: add the string
# user_provider:
# - local: user will be crated locally (*default*)
# - everything else will currently do noting
# run_uid: the uid the vhost should run as with the mod_passenger module
# run_gid: the gid the vhost should run as with the mod_passenger module
# user_access:
......@@ -22,7 +19,6 @@ define webhosting::passenger(
$uid_name = 'absent',
$gid = 'uid',
$gid_name = 'absent',
$user_provider = 'local',
$user_access = 'sftp',
$password = 'absent',
$password_crypted = true,
......@@ -59,15 +55,6 @@ define webhosting::passenger(
$git_repo = 'absent',
){
if ($group == 'absent') and ($user_access == 'sftp') {
$real_group = 'sftponly'
} else {
if ($group == 'absent') {
$real_group = 'apache'
} else {
$real_group = $group
}
}
if ($uid_name == 'absent'){
$real_uid_name = $name
} else {
......@@ -78,6 +65,15 @@ define webhosting::passenger(
} else {
$real_gid_name = $gid_name
}
if ($group == 'absent') and ($user_access == 'sftp') {
$real_group = $real_gid_name
} else {
if ($group == 'absent') {
$real_group = 'apache'
} else {
$real_group = $group
}
}
webhosting::common{$name:
ensure => $ensure,
configuration => $configuration,
......@@ -85,7 +81,6 @@ define webhosting::passenger(
uid_name => $real_uid_name,
gid => $gid,
gid_name => $real_gid_name,
user_provider => $user_provider,
user_access => $user_access,
password => $password,
password_crypted => $password_crypted,
......@@ -180,18 +175,14 @@ define webhosting::passenger(
run_uid => $real_run_uid_name,
run_gid => $real_run_gid_name,
}
if ($user_provider == 'local') {
Apache::Vhost::Passenger[$name]{
require => [ User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name] ],
}
Apache::Vhost::Passenger[$name]{
require => [ User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name] ],
}
}
default: {
if ($user_provider == 'local') {
Apache::Vhost::Passenger[$name]{
require => User::Sftp_only[$real_uid_name],
}
Apache::Vhost::Passenger[$name]{
require => User::Sftp_only[$real_uid_name],
}
if ($run_uid_name == 'absent'){
$real_run_uid_name = 'apache'
......
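Review bot: The `require => User::Sftp_only[$real_uid_name]` overrides on `Apache::Vhost::Passenger[$name]` are now unconditional, but this define still accepts `user_access`, and the hunk in `webhosting::common` suggests the sftp user is only declared under `if ($user_access == 'sftp')`. If that reading is right, any other `user_access` value leaves a dependency on a resource that is never declared and the catalog fails to compile; the removed `user_provider` guard did not cover this case either. Wrapping both overrides in `if ($user_access == 'sftp') { … }` would keep the ordering without that failure mode. The same applies to the `Apache::Vhost::Php::Standard[$name]` overrides in the php section; the enclosing `case` starts outside the hunk.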
......@@ -2,9 +2,6 @@
# - www: add as well a www.${name} entry
# - absent: do nothing
# - default: add the string
# user_provider:
# - local: user will be crated locally (*default*)
# - everything else will currently do noting
# run_mode:
# - normal: nothing special (*default*)
# - fcgid: apache is running with the fcgid module and suexec
......@@ -24,7 +21,6 @@ define webhosting::php(
$uid_name = 'absent',
$gid = 'uid',
$gid_name = 'absent',
$user_provider = 'local',
$user_access = 'sftp',
$password = 'absent',
$password_crypted = true,
......@@ -66,25 +62,24 @@ define webhosting::php(
$mod_security = true,
$git_repo = 'absent',
){
if ($group == 'absent') and ($user_access == 'sftp') {
$real_group = 'sftponly'
if ($gid_name == 'absent'){
$real_gid_name = $real_uid_name
} else {
if ($group == 'absent') {
$real_group = 'apache'
} else {
$real_group = $group
}
$real_gid_name = $gid_name
}
if ($uid_name == 'absent'){
$real_uid_name = $name
} else {
$real_uid_name = $uid_name
}
if ($gid_name == 'absent'){
$real_gid_name = $real_uid_name
if ($group == 'absent') and ($user_access == 'sftp') {
$real_group = $real_gid_name
} else {
$real_gid_name = $gid_name
if ($group == 'absent') {
$real_group = 'apache'
} else {
$real_group = $group
}
}
webhosting::common{$name:
ensure => $ensure,
......@@ -93,7 +88,6 @@ define webhosting::php(
uid_name => $real_uid_name,
gid => $gid,
gid_name => $real_gid_name,
user_provider => $user_provider,
user_access => $user_access,
password => $password,
password_crypted => $password_crypted,
......@@ -158,18 +152,14 @@ define webhosting::php(
run_uid => $real_run_uid_name,
run_gid => $real_run_gid_name,
}
if ($user_provider == 'local') {
Apache::Vhost::Php::Standard[$name]{
require => [User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name] ],
}
Apache::Vhost::Php::Standard[$name]{
require => [User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name] ],
}
}
default: {
if ($user_provider == 'local') {
Apache::Vhost::Php::Standard[$name]{
require => User::Sftp_only[$real_uid_name],
}
Apache::Vhost::Php::Standard[$name]{
require => User::Sftp_only[$real_uid_name],
}
}
}
......
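Review bot: On the new side of the `-66,25 +62,24` hunk the `$gid_name` block now comes before the `$uid_name` block, so `$real_gid_name = $real_uid_name` reads `$real_uid_name` before it is assigned. Puppet evaluates these assignments in order, so with the default `gid_name => 'absent'` the group name would be empty (or a compile error under strict variables), and `$real_group = $real_gid_name` inherits that value for the rootdir group. The passenger section keeps the working order (`$real_uid_name`, then `$real_gid_name`, then `$real_group`) and this define should use the same sequence. The +/- markers are lost on this page, so this reading should be checked against the file.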
......@@ -2,9 +2,6 @@
# - www: add as well a www.${name} entry
# - absent: do nothing
# - default: add the string
# user_provider:
# - local: user will be crated locally (*default*)
# - everything else will currently do noting
# run_mode:
# - normal: nothing special (*default*)
# - fcgid: apache is running with the fcgid module and suexec
......@@ -24,14 +21,13 @@ define webhosting::php::drupal(
$uid_name = 'absent',
$gid = 'uid',
$gid_name = 'absent',
$user_provider = 'local',
$password = 'absent',
$password_crypted = true,
$domainalias = 'www',
$server_admin = 'absent',
$logmode = 'default',
$owner = root,
$group = 'sftponly',
$group = 'absent',
$run_mode = 'normal',
$run_uid = 'absent',
$run_uid_name = 'absent',
......@@ -76,7 +72,11 @@ define webhosting::php::drupal(
} else {
$real_gid_name = $gid_name
}
if ($group == 'absent') {
$real_group = $real_gid_name
} else {
$real_group = 'apache'
}
$path = "/var/www/vhosts/${name}"
$documentroot = "${path}/www"
......@@ -87,7 +87,6 @@ define webhosting::php::drupal(
uid_name => $real_uid_name,
gid => $gid,
gid_name => $real_gid_name,
user_provider => $user_provider,
password => $password,
password_crypted => $password_crypted,
htpasswd_file => $htpasswd_file,
......@@ -114,7 +113,7 @@ define webhosting::php::drupal(
domainalias => $domainalias,
server_admin => $server_admin,
logmode => $logmode,
group => $group,
group => $real_group,
allow_override => $allow_override,
do_includes => $do_includes,
options => $options,
......
......@@ -2,9 +2,6 @@
# - www: add as well a www.${name} entry
# - absent: do nothing
# - default: add the string
# user_provider:
# - local: user will be crated locally (*default*)
# - everything else will currently do noting
# run_mode:
# - normal: nothing special (*default*)
# - fcgid: apache is running with the fcgid module and seuxec
......@@ -24,14 +21,13 @@ define webhosting::php::gallery2(
$uid_name = 'absent',
$gid = 'uid',
$gid_name = 'absent',
$user_provider = 'local',
$password = 'absent',
$password_crypted = true,
$domainalias = 'www',
$server_admin = 'absent',
$logmode = 'default',
$owner = root,
$group = 'sftponly',
$group = 'absent',
$run_mode = 'normal',
$run_uid = 'absent',
$run_uid_name = 'absent',
......@@ -75,6 +71,11 @@ define webhosting::php::gallery2(
} else {
$real_gid_name = $gid_name
}
if ($group == 'absent') {
$real_group = $real_gid_name
} else {
$real_group = 'apache'
}
webhosting::common{$name:
ensure => $ensure,
configuration => $configuration,
......@@ -82,7 +83,6 @@ define webhosting::php::gallery2(
uid_name => $real_uid_name,
gid => $gid,
gid_name => $real_gid_name,
user_provider => $user_provider,
password => $password,
password_crypted => $password_crypted,
htpasswd_file => $htpasswd_file,
......
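Review bot: `$real_group` is computed here but no hunk in this section switches a consumer to it, unlike the modperl and drupal sections where `group => $group` becomes `group => $real_group`. If the vhost declaration outside these hunks still passes `group => $group`, the new default `'absent'` reaches it unresolved and the computed value is never used. The joomla and mediawiki sections show the same pattern and, in addition, no change of the `$group` default. Each of these defines should be checked to pass `group => $real_group` to its vhost resource.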
......@@ -2,9 +2,6 @@
# - www: add as well a www.${name} entry
# - absent: do nothing
# - default: add the string
# user_provider:
# - local: user will be crated locally (*default*)
# - everything else will currently do noting
# run_mode:
# - normal: nothing special (*default*)
# - fcgid: apache is running with the fcgid module and suexec
......@@ -24,7 +21,6 @@ define webhosting::php::joomla(
$uid_name = 'absent',
$gid = 'uid',
$gid_name = 'absent',
$user_provider = 'local',
$password = 'absent',
$password_crypted = true,
$domainalias = 'www',
......@@ -76,6 +72,11 @@ define webhosting::php::joomla(
} else {
$real_gid_name = $gid_name
}
if ($group == 'absent') {
$real_group = $real_gid_name
} else {
$real_group = 'apache'
}
webhosting::common{$name:
ensure => $ensure,
configuration => $configuration,
......@@ -83,7 +84,6 @@ define webhosting::php::joomla(
uid_name => $real_uid_name,
gid => $gid,
gid_name => $real_gid_name,
user_provider => $user_provider,
password => $password,
password_crypted => $password_crypted,
htpasswd_file => $htpasswd_file,
......
......@@ -2,9 +2,6 @@
# - www: add as well a www.${name} entry
# - absent: do nothing
# - default: add the string
# user_provider:
# - local: user will be crated locally (*default*)
# - everything else will currently do noting
# run_mode:
# - normal: nothing special (*default*)
# - fcgid: apache is running with the fcgid module and suexec
......@@ -23,7 +20,6 @@ define webhosting::php::mediawiki(
$uid_name = 'absent',
$gid = 'uid',
$gid_name = 'absent',
$user_provider = 'local',
$password = 'absent',
$password_crypted = true,
$domainalias = 'www',
......@@ -83,6 +79,11 @@ define webhosting::php::mediawiki(
} else {
$real_gid_name = $gid_name
}
if ($group == 'absent') {
$real_group = $real_gid_name
} else {
$real_group = 'apache'
}
webhosting::common{$name:
ensure => $ensure,
configuration => $configuration,
......@@ -90,7 +91,6 @@ define webhosting::php::mediawiki(
uid_name => $real_uid_name,
gid => $gid,
gid_name => $real_gid_name,
user_provider => $user_provider,
password => $password,
password_crypted => $password_crypted,
htpasswd_file => $htpasswd_file,
......
......@@ -2,9 +2,6 @@
# - www: add as well a www.${name} entry
# - absent: do nothing
# - default: add the string
# user_provider:
# - local: user will be crated locally (*default*)
# - everything else will currently do noting
# run_mode:
# - normal: nothing special (*default*)
# - fcgid: apache is running with the fcgid module and suexec
......@@ -24,7 +21,6 @@ define webhosting::php::silverstripe(
$uid_name = 'absent',
$gid = 'uid',
$gid_name = 'absent',
$user_provider = 'local',
$password = 'absent',
$password_crypted = true,
$domainalias = 'www',
......@@ -75,6 +71,11 @@ define webhosting::php::silverstripe(
} else {
$real_gid_name = $gid_name
}
if ($group == 'absent') {
$real_group = $real_gid_name
} else {
$real_group = 'apache'
}
$path = "/var/www/vhosts/${name}"
$documentroot = "${path}/www"
......@@ -85,7 +86,6 @@ define webhosting::php::silverstripe(
uid_name => $real_uid_name,
gid => $gid,
gid_name => $real_gid_name,
user_provider => $user_provider,