From 9f273622e0e4ac709cec71ee8e19e580ab551e53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?=
Date: Wed, 9 Jun 2021 19:14:13 +0200
Subject: [PATCH] Blockerbugs: force to use local user instead of the ipa one
---
 roles/blockerbugs/tasks/main.yml | 10 ++++++++++
 roles/ipa/client/templates/fedora-nss-ignore.conf.j2 | 8 ++++----
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/roles/blockerbugs/tasks/main.yml b/roles/blockerbugs/tasks/main.yml
index 8eecca479c..b01c1c67b0 100644
--- a/roles/blockerbugs/tasks/main.yml
+++ b/roles/blockerbugs/tasks/main.yml
@@ -20,6 +20,16 @@
 - httpd
 - blockerbugs
 
+- name: create the `blockerbugs` user
+ user:
+ name: blockerbugs
+ group: blockerbugs
+ shell: /bin/nologin
+ home: /usr/share/blockerbugs
+ tags:
+ - blockerbugs
+ - config
+
 - name: setup blockerbugs app settings file
 template: src=blockerbugs-settings.py.j2 dest=/etc/blockerbugs/settings.py mode=640
 notify:
diff --git a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2 b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
index b83c765706..1e4351d6cf 100644
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
+++ b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
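Review bot: `shell: /bin/nologin` in the new user task of roles/blockerbugs/tasks/main.yml looks like a wrong path, since on Fedora and RHEL the binary normally lives at `/sbin/nologin`; a missing shell still refuses logins, but only as a side effect. The task also keeps the module defaults, so the account gets a regular rather than a system UID, and `home: /usr/share/blockerbugs` (presumably where the packaged application lives) is created and owned by the service user if it does not exist yet, which would leave that directory writable by the web application. I would write `shell: /sbin/nologin`, `system: yes` and `create_home: no`. The user module resolves the name through NSS, so if the IPA `blockerbugs` account still resolves when this task runs, the local account may never be created; `local: yes` would make the check read /etc/passwd directly. The sssd filter comes from a different role whose ordering is not visible here.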
@@ -6,13 +6,13 @@
 ## creating restricted accounts but we want to make sure the id in
 ## /etc/passwd and /etc/group are used.
 [nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,apache
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,apache
+filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,apache,blockerbugs
+filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,apache,blockerbugs
 {% else %}
 ## This file contains users who are in ipa to stop people from
 ## creating restricted accounts but we want to make sure the id in
 ## /etc/passwd and /etc/group are used.
 [nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock,apache,bodhi,ftpsync
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock,apache
+filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock,apache,bodhi,ftpsync,blockerbugs
+filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock,apache,blockerbugs
 {% endif %}
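Review bot: Both rewritten `filter_users` lines still carry the empty element in `openvpn,,chrony`; since the lines are being touched anyway, I would drop the extra comma so the list does not depend on how sssd treats an empty name. The two branches differ only by a few names (`mock`, `bodhi`, `ftpsync`), yet every new service account has to be appended in four places. A name missed in one branch would leave that account resolving from IPA on the affected hosts, so a shared Jinja variable for the common part would be safer. The `{% if %}` condition sits above the hunk and the handler for this template is not visible here, so confirm that sssd is restarted when the file changes; otherwise the old filter list stays in effect.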