Configure /etc/default/useradd through 'defaults'

Add linux:system:defaults:user section that aims at two things:

* Configure the /etc/default/useradd file, as this file contains
  the INACTIVE parameter that should be configured according to
  CIS 5.4.1.4.
  We have to manage the entire file, so a template was added.
* Configure three parameters that are related to user
  account management but configured in the /etc/login.defs file.
  These are PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE.

More details in README.rst

Related-Prod: PROD-23600
Change-Id: Idc502af3b0f31b3fe84dc9a42e3e9ec2ead7fe3c
diff --git a/README.rst b/README.rst
index 9655d5e..9c66374 100644
--- a/README.rst
+++ b/README.rst
@@ -76,6 +76,50 @@
home: '/home/elizabeth'
password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"
+Setting user defaults
+---------------------
+Default parameters that will be used by `useradd` command could be configured
+the following way:
+
+.. code-block:: yaml
+
+ linux:
+ system:
+ ...
+ defaults:
+ user:
+ shell: <SHELL>
+ gid: <GROUP>
+ home: <HOME>
+ inactdays: <INACTIVE>
+ expire: <EXPIRE>
+ skeleton: <SKEL>
+ create_mail_spool: <CREATE_MAIL_SPOOL>
+
+Other parameters that are used when creating user profile could be configured
+as well, acting as global defaults:
+
+.. code-block:: yaml
+
+ linux:
+ system:
+ ...
+ defaults:
+ user:
+ ...
+ maxdays: <PASS_MAX_DAYS>
+ mindays: <PASS_MIN_DAYS>
+ warndays: <PASS_WARN_AGE>
+
+.. note::
+
+ The three options above ('maxdays', 'mindays', 'warndays') could be
+ overriden in linux:system:login_defs using their 'real' names.
+ The reason they could be defined here is that it's quite logical to
+ have these parameters related to configuration of user account
+ behaviour in one place.
+
+
Configure password expiration parameters
----------------------------------------
The following login.defs parameters can be overridden per-user:
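Review bot: The new "Setting user defaults" section does not say that /etc/default/useradd is now managed as a whole file from a template, which the commit message states. Add a sentence that local edits to the file are replaced and what is written for keys left unset under linux:system:defaults:user, and mention CIS 5.4.1.4 next to inactdays so the reason for the setting is discoverable from the README. Two smaller points in the same hunk: "overriden" in the note should be "overridden", and `useradd` in single backticks is RST interpreted text rather than an inline literal, so use double backticks as the rest of the file does.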
@@ -83,7 +127,6 @@
* PASS_MAX_DAYS
* PASS_MIN_DAYS
* PASS_WARN_DAYS
-* INACTIVE
.. code-block:: yaml
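Review bot: The context bullet "* PASS_WARN_DAYS" stays in this list while the example in the next hunk is renamed to <PASS_WARN_AGE>, and the commit message and the new defaults section also use PASS_WARN_AGE. Rename the bullet in this change too so the README refers to the parameter by one name.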
@@ -97,8 +140,7 @@
...
maxdays: <PASS_MAX_DAYS>
mindays: <PASS_MIN_DAYS>
- warndays: <PASS_WARN_DAYS>
- inactdays: <INACTIVE>
+ warndays: <PASS_WARN_AGE>
Configure sudo for users and groups under ``/etc/sudoers.d/``.
This ways ``linux.system.sudo`` pillar map to actual sudo attributes:
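Review bot: Dropping inactdays from the per-user example leaves no documented way to set INACTIVE for a single account. If the per-user key is no longer honoured, say so in this section and point to inactdays under linux:system:defaults:user, so that existing pillars which still set it per user do not lose the setting unnoticed; if it is still honoured, keep it documented here.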