cookbook 'scponly', '~> 1.3.0'
Installs/Configures scponly
cookbook 'scponly', '~> 1.3.0', :supermarket
knife supermarket install scponly
knife supermarket download scponly
Scponly Cookbook
Install scponly package and configure scponly shells (Scponly wiki)
Requirements
- Chef 12 or higher
Platform
The release was tested on:
* RHEL 8.X
* CentOS 8.X
Cookbook Dependencies
- yum-epel
Attributes
- node['scponly']['install_epel_repo'] - determines whether the EPEL repo should be installed (default: true)
- node['scponly']['pkgs'] - names of the packages to install, with version if needed (default: { scponly: nil })
- node['scponly']['shell']['scponly']['path'] - the shell path for the scponly shell (default: /usr/bin/scponly)
- node['scponly']['shells']['scponlyc']['path'] - the shell path for the scponlyc shell (default: /usr/sbin/scponlyc)
default
This recipe sets up all the basics needed to create chrooted or non-chrooted users with scponly shells.
Resources/Providers
scponly_user
This LWRP provides an easy way to create scponly users
Actions
- :create - creates the user
- :delete - removes the user and possibly its home
Attribute Parameters
- name - name attribute. The name of the user
- chrooted - whether the user needs a chrooted environment (default: true)
- home - the user's home path, inside the chroot environment if there is one (default: /incoming)
- chroot_path - the path where the chroot environment is created if needed (default: /var/opt/scponly-chroot)
- password - the encrypted user password (default: nil)
- ssh_keys - array with all the authorized_keys for the user (default: nil)
- preserved_home - whether the user's home must remain when the user is deleted (default: true)
Examples
Add a chrooted user with password:
```ruby
scponly_user 'chroot_test_passwd' do
  chrooted true
  password '$6$YQpME/DN$4.h5fNLSg7FLHY3smHzYFCGoI6YpafMyO6QNHMoiGUKePYPSdn9LgSZrxzwLAdtRTgiPhAUZbp0uHcsGGjlJv.'
end
```
Add a chrooted user with ssh_keys:
```ruby
scponly_user 'chroot_test2_ssh_key' do
  chrooted true
  ssh_keys ['ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDf/WTHmZdrXVbeCDl6Qtt27qcpNZPgTfSgcU6qzJgsPnlBIEddHMZTDziK+MFR2bYfMq1lWUyrZD83nmm/TZRxNAzn8TerEb6ERxsn9TFuTjkq8HmpSbhCq9a+2YlWk/lp/+oeJdZoQmNVB8xQ/g7uvuncxUPkKGHx4Smxeuq6Mw== test2@kitchen-test']
end
```
Add a non-chrooted user:
```ruby
scponly_user 'test_passwd' do
  chrooted false
  home '/home/test_passwd/incoming'
  # Setting passwd to 'test'
  password '$6$YQpME/DN$4.h5fNLSg7FLHY3smHzYFCGoI6YpafMyO6QNHMoiGUKePYPSdn9LgSZrxzwLAdtRTgiPhAUZbp0uHcsGGjlJv.'
end
```
Usage
This cookbook is best used by including the default recipe in a wrapper cookbook, which then creates the scponly users as described in the examples.
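A wrapper cookbook can check the values it is about to pass to the `password` and `ssh_keys` parameters before any user is created. The following is an added example, not code from the scponly cookbook: the method names `crypt_hash?`, `ssh_field` and `inspect_ssh_key` and the 2048-bit RSA floor are assumptions of the example, and the sample inputs are the test fixtures from the README examples above.

```ruby
require 'base64'

# Added example, not cookbook code. Method names and the 2048-bit floor are assumptions.
SHA512_CRYPT = /\A\$6\$(?:rounds=\d+\$)?[.\/0-9A-Za-z]{1,16}\$[.\/0-9A-Za-z]{86}\z/
MIN_RSA_BITS = 2048

# True only for a SHA-512 crypt(3) hash, so a plaintext value is caught
# before it is handed to the `password` parameter.
def crypt_hash?(value)
  value.is_a?(String) && value.match?(SHA512_CRYPT)
end

# Reads one SSH wire-format field: uint32 big-endian length, then that many bytes.
def ssh_field(blob, offset)
  len = blob.byteslice(offset, 4)&.unpack1('N')
  raise ArgumentError, 'truncated key blob' if len.nil? || offset + 4 + len > blob.bytesize
  [blob.byteslice(offset + 4, len), offset + 4 + len]
end

# Inspects one "type base64 [comment]" entry meant for `ssh_keys`.
# Returns { type:, bits:, problems: [...] }; bits is nil for non-RSA keys.
def inspect_ssh_key(line)
  type, b64 = line.to_s.split(' ', 3)
  blob = Base64.strict_decode64(b64.to_s)
  inner_type, pos = ssh_field(blob, 0)
  problems = []
  problems << 'declared type does not match key blob' unless inner_type == type
  bits = nil
  if inner_type == 'ssh-rsa'
    _exponent, pos = ssh_field(blob, pos)
    modulus, _rest = ssh_field(blob, pos)
    bits = modulus.unpack1('H*').to_i(16).bit_length
    problems << "RSA modulus is #{bits} bits, below #{MIN_RSA_BITS}" if bits < MIN_RSA_BITS
  end
  { type: type, bits: bits, problems: problems }
rescue ArgumentError => e
  { type: type, bits: nil, problems: ["unparseable key: #{e.message}"] }
end

# Sample inputs: the test fixtures from the README examples above.
README_HASH = '$6$YQpME/DN$4.h5fNLSg7FLHY3smHzYFCGoI6YpafMyO6QNHMoiGUKePYPSdn9LgSZrxzwLAdtRTgiPhAUZbp0uHcsGGjlJv.'
README_KEY = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDf/WTHmZdrXVbeCDl6Qtt27qcpNZPgTfSgcU6qzJgsPnlBIEddHMZTDziK+MFR2bYfMq1lWUyrZD83nmm/TZRxNAzn8TerEb6ERxsn9TFuTjkq8HmpSbhCq9a+2YlWk/lp/+oeJdZoQmNVB8xQ/g7uvuncxUPkKGHx4Smxeuq6Mw== test2@kitchen-test'

if __FILE__ == $PROGRAM_NAME
  puts "hash format ok: #{crypt_hash?(README_HASH)}"
  p inspect_ssh_key(README_KEY)
end
```

Run against the README fixtures, the hash passes the format check and the key is reported as a 1024-bit RSA key, below the floor assumed here.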
Contributing
- Fork the repository on Github
- Create a named feature branch (like add_component_x)
- Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
License & Authors
- Author:: Jeremy MAURO (j.mauro@criteo.com)
Copyright 2009-2015, Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Dependent cookbooks
- yum-epel >= 0.0.0
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
1.3.0 passed this metric
Contributing File Metric
1.3.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Cookstyle Metric
1.3.0 failed this metric
Chef/Deprecations/ResourceWithoutUnifiedTrue: Set `unified_mode true` in Chef Infra Client 15.3+ custom resources to ensure they work correctly in Chef Infra Client 18 (April 2022) when Unified Mode becomes the default. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_resourcewithoutunifiedtrue): scponly/resources/user.rb: 1
Chef/Deprecations/UseInlineResourcesDefined: use_inline_resources is now the default for resources in Chef Infra Client 13+ and does not need to be specified. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_useinlineresourcesdefined): scponly/providers/user.rb: 14
Chef/Modernize/DefinesChefSpecMatchers: ChefSpec matchers are now auto generated by ChefSpec 7.1+ and do not need to be defined in a cookbook (https://docs.chef.io/workstation/cookstyle/chef_modernize_defineschefspecmatchers): scponly/libraries/matchers.rb: 6
Chef/Modernize/FoodcriticComments: Remove legacy code comments that disable Foodcritic rules (https://docs.chef.io/workstation/cookstyle/chef_modernize_foodcriticcomments): scponly/providers/user.rb: 150
Chef/Modernize/RespondToInMetadata: It is no longer necessary to use respond_to? or defined? in metadata.rb in Chef Infra Client 12.15 and later (https://docs.chef.io/workstation/cookstyle/chef_modernize_respondtoinmetadata): scponly/metadata.rb: 9
Chef/Modernize/RespondToInMetadata: It is no longer necessary to use respond_to? or defined? in metadata.rb in Chef Infra Client 12.15 and later (https://docs.chef.io/workstation/cookstyle/chef_modernize_respondtoinmetadata): scponly/metadata.rb: 10
Chef/Modernize/RespondToInMetadata: It is no longer necessary to use respond_to? or defined? in metadata.rb in Chef Infra Client 12.15 and later (https://docs.chef.io/workstation/cookstyle/chef_modernize_respondtoinmetadata): scponly/metadata.rb: 15
Chef/Modernize/ShellOutHelper: Use the built-in `shell_out` helper available in Chef Infra Client 12.11+ instead of calling `Mixlib::ShellOut.new('foo').run_command`. (https://docs.chef.io/workstation/cookstyle/chef_modernize_shellouthelper): scponly/rakelib/50-rubocop.rake: 37
Chef/Modernize/WhyRunSupportedTrue: whyrun_supported? no longer needs to be set to true as it is the default in Chef Infra Client 13+ (https://docs.chef.io/workstation/cookstyle/chef_modernize_whyrunsupportedtrue): scponly/providers/user.rb: 10
Chef/RedundantCode/LongDescriptionMetadata: The long_description metadata.rb method is not used and is unnecessary in cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_longdescriptionmetadata): scponly/metadata.rb: 6
Chef/RedundantCode/UnnecessaryNameProperty: There is no need to define a property or attribute named :name in a resource as Chef Infra defines this on all resources by default. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_unnecessarynameproperty): scponly/resources/user.rb: 13
Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations
No Binaries Metric
1.3.0 passed this metric
Version Tag Metric
1.3.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number