Merge pull request #34 from jpiron/home_folder
Add user home configuration attribute
Johan Meiring authored Feb 11, 2019
2 parents 850e2a4 + 82291d7 commit 7409650
Showing 4 changed files with 26 additions and 15 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -38,6 +38,7 @@ The following role variables are relevant:
* `append`: Boolean to add `sftp_group_name` to the user groups (if any) instead of setting it (default to `False`).
* `mode`: The users home directory mode (defaults to `0750`).
* `skeleton`: An optional home skeleton directory (e.g: /dev/null). Default to system defaults.
* `home`: An optional home directory (e.g: /home/bob). Default to `sftp_home_partition/name`.
* `sftp_nologin_shell`: The "nologin" user shell. (defaults to /sbin/nologin.)

Notes:
Expand All @@ -63,6 +64,7 @@ Notes:
- name: sally
password: ""
authorized: [sally.pub]
home: /var/tmp/sally
append: True
- sftp_directories:
- imports
4 changes: 2 additions & 2 deletions run-local-tests.sh
Expand Up @@ -12,8 +12,8 @@ run_test() {
docker exec --tty "$(cat ${container_id})" env TERM=xterm grep "user1" /etc/shadow && (echo 'User created' && exit 0) || (echo 'User not created' && exit 1)
docker exec --tty "$(cat ${container_id})" env TERM=xterm test -d /home/user1/test1 && (echo 'Directory created' && exit 0) || (echo 'Directory not created' && exit 1)
docker exec --tty "$(cat ${container_id})" env TERM=xterm grep "foobar" /etc/group && (echo 'Group created' && exit 0) || (echo 'Group not created' && exit 1)
docker exec --tty "$(cat ${container_id})" env TERM=xterm stat -c '%G' /home/user2
docker exec --tty "$(cat ${container_id})" env TERM=xterm '[ $(stat --format '%G' /home/user2) = "foobar" ]' && (echo 'Good directory ownership' && exit 0) || (echo 'Wrong directory ownership' && exit 1)
docker exec --tty "$(cat ${container_id})" env TERM=xterm stat -c '%G' /var/tmp/user2
docker exec --tty "$(cat ${container_id})" env TERM=xterm '[ $(stat --format '%G' /var/tmp/user2) = "foobar" ]' && (echo 'Good directory ownership' && exit 0) || (echo 'Wrong directory ownership' && exit 1)
docker exec --tty "$(cat ${container_id})" env TERM=xterm '[ $(stat --format '%G' /home/user1) = "sftpusers" ]' && (echo 'Good directory ownership' && exit 0) || (echo 'Wrong directory ownership' && exit 1)
docker exec --tty "$(cat ${container_id})" env TERM=xterm test -d /home/user1/test3 && (echo 'User Directory created' && exit 0) || (echo 'User Directory not created' && exit 1)
docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1)
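Review bot: The modified ownership check `'[ $(stat --format '%G' /var/tmp/user2) = "foobar" ]'` still hands the whole bracket expression to `env` as a single program name rather than to a shell, so the `$(...)` is never expanded inside the container and the check appears to fall through to the 'Wrong directory ownership' branch regardless of the real group; running it as `env TERM=xterm sh -c '[ "$(stat -c %G /var/tmp/user2)" = foobar ]'` would turn it into an actual assertion. The bare `stat -c '%G' /var/tmp/user2` on the line above only prints the group and asserts nothing. Since the feature under test is the new `home` attribute, the script could also confirm the account record itself, e.g. `grep -q '^user2:.*:/var/tmp/user2:' /etc/passwd`. run_test continues outside the hunk.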
34 changes: 21 additions & 13 deletions tasks/main.yml
@@ -1,4 +1,12 @@
---
- name: "Compute SFTP users."
set_fact:
_sftp_users: >-
[{% for sftp_user in sftp_users -%}
{{ sftp_user | combine({'home': sftp_user.home | default(sftp_home_partition + '/' + sftp_user.name) }) }}
{{ '' if loop.last else ',' }}
{%- endfor %}]
# Creates group for SFTP users.
- name: SFTP-Server | Create sftp user group
group:
Expand Down Expand Up @@ -47,7 +55,7 @@
group:
name: "{{ item }}"
state: present
with_items: "{{ sftp_users | selectattr('group', 'defined') | map(attribute='group') | list }}"
with_items: "{{ _sftp_users | selectattr('group', 'defined') | map(attribute='group') | list }}"

# Create each SFTP user with home directory on the correct partition, and add to SFTP group.
- name: SFTP-Server | Create sftp users
Expand All @@ -56,29 +64,29 @@
group: "{{ item.group | default(omit) }}"
groups: "{{ sftp_group_name }}"
append: "{{ item.append | default(False) }}"
home: "{{ sftp_home_partition }}/{{ item.name }}"
home: "{{ item.home }}"
# `None` means default value -> default is to have a shell
shell: "{{ None if (item.shell | default(True)) else sftp_nologin_shell }}"
skeleton: "{{ item.skeleton | default(omit) }}"
state: present
with_items: "{{ sftp_users }}"
with_items: "{{ _sftp_users }}"

# A working chrooted SFTP setup requires root:sftgroup ownership of a user's home directory.
- name: SFTP-Server | Correct ownership and permission of home directories
file:
path: "{{ sftp_home_partition }}/{{ item.name }}"
path: "{{ item.home }}"
owner: root
group: "{{ item.group | default(sftp_group_name) }}"
mode: "{{ item.mode | default(0750) }}"
with_items: "{{ sftp_users }}"
with_items: "{{ _sftp_users }}"

# Install all relevant public keys.
- name: SFTP-Server | Install public keys
authorized_key:
user: "{{ item.0.name }}"
key: "{{ lookup('file', item.1) }}"
with_subelements:
- "{{ sftp_users }}"
- "{{ _sftp_users }}"
- authorized
- flags:
skip_missing: True
Expand All @@ -88,43 +96,43 @@
user:
name: "{{ item.name }}"
password: "{{ item.password }}"
with_items: "{{ sftp_users }}"
with_items: "{{ _sftp_users }}"
when: item.password is defined

# Create directories for all SFTP users. Optional, but recommended.
- name: SFTP-Server | Create directories
file:
path: "{{ sftp_home_partition }}/{{ item[0].name }}/{{ item[1].name | default(item[1]) }}"
path: "{{ item[0].home }}/{{ item[1].name | default(item[1]) }}"
owner: "{{ item[0].name }}"
group: "{{ item[0].group | default(item[0].name) }}"
mode: "{{ item[1].mode | default(0750) }}"
state: directory
with_nested:
- "{{ sftp_users }}"
- "{{ _sftp_users }}"
- "{{ sftp_directories }}"

# Create directories for individual SFTP users. Optional.
- name: SFTP-Server | Create directories per user
file:
path: "{{ sftp_home_partition }}/{{ item[0].name }}/{{ item[1].name | default(item[1]) }}"
path: "{{ item[0].home }}/{{ item[1].name | default(item[1]) }}"
owner: "{{ item[0].name }}"
group: "{{ item[0].group | default(item[0].name) }}"
mode: "{{ item[1].mode | default(0750) }}"
state: directory
with_subelements:
- "{{ sftp_users }}"
- "{{ _sftp_users }}"
- "sftp_directories"
- flags:
skip_missing: True

- name: SFTP-Server | Create dev directory for logging
file:
path: "{{ sftp_home_partition }}/{{ item.name }}/dev"
path: "{{ item[0].home }}/dev"
owner: root
group: root
state: directory
with_items:
- "{{ sftp_users }}"
- "{{ _sftp_users }}"
when: sftp_enable_logging

- name: SFTP-Server | Enable Logging
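Review bot: `path: "{{ item[0].home }}/dev"` in the 'Create dev directory for logging' task is iterated with `with_items`, which yields each user mapping directly as `item`, so `item[0]` indexes a dict and fails where the replaced `item.name` worked; it should read `path: "{{ item.home }}/dev"`, matching the `item.home` used in the 'Correct ownership and permission of home directories' task. Separately, `home` is now caller-supplied and passed straight to `file:` with `owner: root`, and a chrooted SFTP login requires every component of the chroot path to be root-owned and not group- or world-writable, so a value under a world-writable parent such as the `/var/tmp/...` examples in README.md and tests/test.yml will be created by the role but refused by sshd at login if the sshd template chroots to the home, as the comment above that task suggests. Consider an `assert` task (or a README caveat) requiring `home` to be an absolute path whose parents are not world-writable. The tasks in the later hunks continue outside the lines shown.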
1 change: 1 addition & 0 deletions tests/test.yml
Expand Up @@ -13,6 +13,7 @@
- test3
- test4
- name: user2
home: /var/tmp/user2
group: foobar
password: ""
authorized: []
