diff options
| author | intrigeri <intrigeri@boum.org> | 2011-02-26 00:01:16 +0100 |
|---|---|---|
| committer | intrigeri <intrigeri@boum.org> | 2011-02-26 00:05:23 +0100 |
| commit | 1138f154f9cb0985076159dec34546eb9f677017 (patch) | |
| tree | 6d09fd1d167a6d043ca8c7035642ceefefbb7523 /manifests | |
| parent | f35c84dc309a09ed60b56d37a206c7c59ab6f354 (diff) | |
| download | puppet-loginrecords-1138f154f9cb0985076159dec34546eb9f677017.tar.gz puppet-loginrecords-1138f154f9cb0985076159dec34546eb9f677017.tar.bz2 | |
Chmod /var/run/utmp 640 instead of removing it.
Quoting utmp(5):
"Unlike various other systems, where utmp logging can be disabled by removing
the file, utmp must always exist on Linux."
Moreover, removing this file breaks some of Puppet's functionality.
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/debian.pp | 6 | ||||
| -rw-r--r-- | manifests/init.pp | 2 | ||||
| -rw-r--r-- | manifests/utmp/disable.pp | 6 | ||||
| -rw-r--r-- | manifests/utmp/enable.pp | 8 | ||||
| -rw-r--r-- | manifests/utmp/protect.pp | 5 | ||||
| -rw-r--r-- | manifests/utmp/unprotect.pp | 8 |
6 files changed, 17 insertions, 18 deletions
diff --git a/manifests/debian.pp b/manifests/debian.pp index 12ec571..02c2dad 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -18,10 +18,10 @@ class loginrecords::debian inherits loginrecords::base { class{'loginrecords::lastlog::enable': } } - if $loginrecords::disable_utmp { - class{'loginrecords::utmp::disable': } + if $loginrecords::protect_utmp { + class{'loginrecords::utmp::protect': } } else { - class{'loginrecords::utmp::enable': } + class{'loginrecords::utmp::unprotect': } } if $loginrecords::disable_wtmp { diff --git a/manifests/init.pp b/manifests/init.pp index 9c0a880..446819b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -2,7 +2,7 @@ class loginrecords( $disable_btmp = true, $disable_faillog = true, $disable_lastlog = true, - $disable_utmp = true, + $protect_utmp = true, $disable_wtmp = true ){ # Include main class diff --git a/manifests/utmp/disable.pp b/manifests/utmp/disable.pp deleted file mode 100644 index d01d44b..0000000 --- a/manifests/utmp/disable.pp +++ /dev/null @@ -1,6 +0,0 @@ -class loginrecords::utmp::disable inherits loginrecords::utmp::enable { - File[$utmp_file]{ - ensure => 'absent', - backup => false, - } -} diff --git a/manifests/utmp/enable.pp b/manifests/utmp/enable.pp deleted file mode 100644 index 1003182..0000000 --- a/manifests/utmp/enable.pp +++ /dev/null @@ -1,8 +0,0 @@ -class loginrecords::utmp::enable( - $utmp_file = '/var/run/utmp' -){ - file{$utmp_file: - ensure => 'present', - owner => 'root', group => 'utmp', mode => 660; - } -} diff --git a/manifests/utmp/protect.pp b/manifests/utmp/protect.pp new file mode 100644 index 0000000..166df5e --- /dev/null +++ b/manifests/utmp/protect.pp @@ -0,0 +1,5 @@ +class loginrecords::utmp::protect inherits loginrecords::utmp::unprotect { + File[$utmp_file]{ + mode => 660, + } +} diff --git a/manifests/utmp/unprotect.pp b/manifests/utmp/unprotect.pp new file mode 100644 index 0000000..9da7517 --- /dev/null +++ b/manifests/utmp/unprotect.pp @@ -0,0 +1,8 @@ +class loginrecords::utmp::unprotect( + $utmp_file = '/var/run/utmp' +){ + file{$utmp_file: + ensure => 'present', + owner => 'root', group => 'utmp', mode => 664; + } +} |