Commit b355a813 authored by Micah Anderson's avatar Micah Anderson
Browse files

Some backupninja module updates from anarcat:

Wed Apr 30 16:22:48 EDT 2008  anarcat@koumbit.org
  * remove read permissions on backup directory on group so that a sandbox user can't read other people's directories
Wed Apr 30 16:01:53 EDT 2008  anarcat@koumbit.org
  * default the sandbox host to local ($fqdn) and depend on the sandbox directory properly
Thu Mar 13 18:49:38 EDT 2008  anarcat@koumbit.org
  * create the backup directory along with the user
parent a3d5b7aa
......@@ -9,17 +9,27 @@ class backupninja::server {
}
file { "$backupdir":
ensure => "directory",
mode => 750, owner => root, group => "backupninjas"
mode => 710, owner => root, group => "backupninjas"
}
User <<| tag == "backupninja-$fqdn" |>>
File <<| tag == "backupninja-$fqdn" |>>
# this define allows nodes to declare a remote backup sandbox, that have to
# get created on the server
define sandbox($host, $dir = false, $uid = false, $gid = "backupninjas") {
define sandbox($host = false, $dir = false, $uid = false, $gid = "backupninjas") {
$real_host = $host ? {
false => $fqdn,
default => $host,
}
$real_dir = $dir ? {
false => "${backupninja::server::backupdir}/$fqdn",
default => $dir,
}
@@file { "$real_dir":
ensure => "directory",
mode => 750, owner => $name, group => 0,
tag => "backupninja-$real_host",
}
case $uid {
false: {
@@user { "$name":
......@@ -30,8 +40,8 @@ class backupninja::server {
managehome => true,
shell => "/bin/sh",
password => '*',
require => [ Group['backupninjas'], File["/backup"] ],
tag => "backupninja-$host"
require => Group['backupninjas'],
tag => "backupninja-$real_host"
}
}
default: {
......@@ -44,8 +54,8 @@ class backupninja::server {
managehome => true,
shell => "/bin/sh",
password => '*',
require => [ Group['backupninjas'], File["/backup"] ],
tag => "backupninja-$host"
require => Group['backupninjas'],
tag => "backupninja-$real_host"
}
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment