Changeset - a40cf7a468ea
Parent rev.
Child rev.
[Not reviewed]
0 4 0
Branko Majic (branko) - 7 years ago 2016-11-22 19:33:59
branko@majic.rs
MAR-66: Create web application users with GECOS field that sets their umask to 0007 (this happens thanks to pam_umask).
4 files changed with 12 insertions and 2 deletions:
docs/rolereference.rst
4
docs/usage.rst
6
roles/php_website/tasks/main.yml
1
1
roles/wsgi_website/tasks/main.yml
1
1
0 comments (0 inline, 0 general)
docs/rolereference.rst
Show inline comments
 
@@ -1197,6 +1197,8 @@ The role is implemented with the following layout/logic in mind:
 
  website, in format of ``web-ESCAPEDFQDN``, where ``ESCAPEDFQDN`` is equal to
 
  ``FQDN`` where dots have been replaced by underscores (for example,
 
  ``web-cloud_example_com``).
 
* Website users are set-up via GECOS field to have their umask set to ``0007``
 
  (in combination with ``pam_umask``).
 
* Administrator users are named after the ``FQDN`` (fully qualified domain name)
 
  of website, in format of ``admin-ESCAPEDFQDN``, where ``ESCAPEDFQDN`` is equal
 
  to ``FQDN`` where dots have been replaced by underscores (for example,
 
@@ -1388,6 +1390,8 @@ The role is implemented with the following layout/logic in mind:
 
  website, in format of ``web-ESCAPEDFQDN``, where ``ESCAPEDFQDN`` is equal to
 
  ``FQDN`` where dots have been replaced by underscores (for example,
 
  ``web-wiki_example_com``).
 
* Website users are set-up via GECOS field to have their umask set to ``0007``
 
  (in combination with ``pam_umask``).
 
* Administrator users are named after the ``FQDN`` (fully qualified domain name)
 
  of website, in format of ``admin-ESCAPEDFQDN``, where ``ESCAPEDFQDN`` is equal
 
  to ``FQDN`` where dots have been replaced by underscores (for example,
docs/usage.rst
Show inline comments
 
@@ -1214,6 +1214,9 @@ Before we start, here is a couple of useful pointers regarding the
 
* The role is designed to execute every application via dedicated user and
 
  group. The user/group name is automatically derived from the FQDN of website,
 
  for example ``web-tbg_example_com``.
 
* While running the application, application user's umask is set to ``0007``
 
  (letting the administrator user be able to manage any files created while the
 
  application is running).
 
* An administrative user is created as well, and this user should be used when
 
  running maintenance and installation commands. Similar to application user,
 
  the name is also derived from the FQDN of website, for example
 
@@ -1451,6 +1454,9 @@ on the safe side:
 
* The role is designed to execute every application via dedicated user and
 
  group. The user/group name is automatically derived from the FQDN of website,
 
  for example ``web-wiki_example_com``.
 
* While running the application, application user's umask is set to ``0007``
 
  (letting the administrator user be able to manage any files created while the
 
  application is running).
 
* An administrative user is created as well, and this user should be used when
 
  running maintenance and installation commands. Similar to application user,
 
  the name is also derived from the FQDN of website, for example
roles/php_website/tasks/main.yml
Show inline comments
 
@@ -18,7 +18,7 @@
 
        owner="{{ admin }}" group="{{ user }}" mode=2750
 

			




	
	
	
		
 
- name: Create PHP website user

			




	
	
	
		
 
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}"

			




	
	
	
		
 
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}" comment="umask=0007"

			




	
	
	
		
 
        system=yes createhome=no state=present

			




	
	
	
		
 

			




	
	
	
		
 
- name: Add nginx user to website group

			




        

    


    
    

    

        

                

                    roles/wsgi_website/tasks/main.yml
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -17,7 +17,7 @@

			




	
	
	
		
 
        owner="{{ admin }}" group="{{ user }}" mode=2750

			




	
	
	
		
 

			




	
	
	
		
 
- name: Create WSGI website user

			




	
	
	
		
 
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}"

			




	
	
	
		
 
  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}" comment="umask=0007"

			




	
	
	
		
 
        system=yes createhome=no state=present

			




	
	
	
		
 

			




	
	
	
		
 
- name: Add nginx user to website group

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.