Restriction of shell access for new user on a linux box


#1

Hello everyone,

Has anyone had experience of restricting access for a particular user using the user resource in Chef?

I’m trying to create a service user who will have restricted access on a linux box.

I have done the following:-

    user user do
      supports :manage_home => true
      comment  "chef created service user: #{user}"
      home "/home/#{user}"
      shell '/sbin/nologin'
      action :create
    end

but have been unsuccessful.

I noticed that during the chef run the following output was generated when an attempt was made to create a service user:

    Ran ["useradd", "-c", "chef created service user: svc_goagent", "-s", "/sbin/nologin", "-d", "/home/svc_goagent", "-m", "svc_goagent"] returned 3 and not 0.

Any ideas?

Many thanks



#2

Exit code 3 is invalid argument for option.

My guess would be the comment you have - there’s a colon in your string "chef created service user: svc_goagent".

Colon is the delimiter for the passwd file and wouldn’t be permitted in the user data.

On Mon, Mar 23, 2015 at 2:27 PM, ANGELA EBIRIM aebirim@icloud.com wrote:

Hello everyone,

Has anyone had experience of restricting access for a particular user
using the user resource in Chef?

I’m trying to create a service user who will have restricted access on a
linux box.

I have done the following:-

    user user do
      supports :manage_home => true
      comment "chef created service user: #{user}"
      home "/home/#{user}"
      shell '/sbin/nologin'
      action :create
    end

but have been unsuccessful.

I noticed that during the chef run the following output was generated when
an attempt was made to create a service user:

    Ran ["useradd", "-c", "chef created service user: svc_goagent", "-s", "/sbin/nologin", "-d", "/home/svc_goagent", "-m", "svc_goagent"] returned 3 and not 0.

Any ideas?

Many thanks

Sent from iCloud


Mandi Walls
mandi.walls@gmail.com

@lnxchk
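
An added example, not part of the thread: plain Ruby that shows why a colon in the comment (GECOS) field cannot be accepted, and a pre-check a recipe could run before handing the string to the user resource. The helper names and the uid/gid values are constructed for illustration; a naive seven-field parse of the resulting line would read the home directory as the login shell, so `/sbin/nologin` would no longer be what a reader of the file sees.

```ruby
# Added example: helper names are hypothetical, sample values are constructed.

# /etc/passwd has exactly seven colon-separated fields per line.
PASSWD_FIELDS = %i[name passwd uid gid gecos home shell].freeze

# ':' separates fields and a newline separates records, so neither may
# appear inside the comment (GECOS) field.
GECOS_FORBIDDEN = /[:\r\n]/

def gecos_safe?(comment)
  !comment.match?(GECOS_FORBIDDEN)
end

# Replace each forbidden run with " - " so the comment stays readable.
def sanitize_gecos(comment)
  comment.gsub(/\s*[:\r\n]+\s*/, ' - ').strip
end

# Constructed sample entry for the service user from the thread.
def demo_entry(comment)
  { name: 'svc_goagent', passwd: 'x', uid: 990, gid: 990,
    gecos: comment, home: '/home/svc_goagent', shell: '/sbin/nologin' }
end

# Serialise an entry without validation, then parse it back the way a
# passwd reader does: split on ':' and assign fields by position.
def round_trip(entry)
  line = PASSWD_FIELDS.map { |f| entry[f] }.join(':')
  values = line.split(':', -1)
  { field_count: values.size, parsed: PASSWD_FIELDS.zip(values).to_h }
end

if __FILE__ == $PROGRAM_NAME
  bad = 'chef created service user: svc_goagent'
  [bad, sanitize_gecos(bad)].each do |comment|
    result = round_trip(demo_entry(comment))
    puts "comment=#{comment.inspect} safe=#{gecos_safe?(comment)} " \
         "fields=#{result[:field_count]} shell=#{result[:parsed][:shell].inspect}"
  end
  # In a recipe the cleaned string would be passed on, e.g.
  #   comment sanitize_gecos("chef created service user: #{user}")
end
```
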


#3

Hi Mandi,

Silly me!

That was indeed the problem. Didn’t realise that you were restricted in what you could put in the comment field.

Thanks again.

On Mar 23, 2015, at 11:55 AM, mandi walls mandi.walls@gmail.com wrote:

exit code 3 is invalid argument for option.

my guess would be the comment you have - there’s a colon in your string “chef created service user: svc_goagent”.

colon is the delimiter for the passwd file and wouldn’t be permitted in the user data.
