From be3cea05e06cbfcfbd684b46c49fcdc8f8f5b880 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
Date: Tue, 18 Sep 2018 14:28:18 +0200
|
|
Subject: [PATCH 14/16] profiles: add options to exclude lines from
|
|
nsswitch.conf
|
|
|
|
There is a common use case that users want to change lines in nsswitch.conf
|
|
but do not want to create a whole custom profile. This applies especially
|
|
to nis profile as it sets all nsswitch databases and thus renders recently
|
|
added user-nsswitch.conf useless.
|
|
|
|
For distributing company wide configuration, custom profiles should be used though.
|
|
|
|
Resolves:
|
|
https://github.com/pbrezina/authselect/issues/95
|
|
---
|
|
profiles/nis/README | 50 ++++++++++++++++++++++++++++++++++
|
|
profiles/nis/nsswitch.conf | 28 +++++++++----------
|
|
profiles/sssd/README | 26 ++++++++++++++++++
|
|
profiles/sssd/nsswitch.conf | 12 ++++----
|
|
profiles/winbind/README | 14 ++++++++++
|
|
profiles/winbind/nsswitch.conf | 4 +--
|
|
6 files changed, 112 insertions(+), 22 deletions(-)
|
|
|
|
diff --git a/profiles/nis/README b/profiles/nis/README
|
|
index 34789b1e7643f0df082d40e0e87cb3d0823bba56..3911959c59287d2d5425ef304f744ff4cd5b408d 100644
|
|
--- a/profiles/nis/README
|
|
+++ b/profiles/nis/README
|
|
@@ -41,6 +41,56 @@ with-nispwquality::
|
|
without-nullok::
|
|
Do not add nullok parameter to pam_unix.
|
|
|
|
+DISABLE SPECIFIC NSSWITCH DATABASES
|
|
+-----------------------------------
|
|
+
|
|
+Normally, nsswitch databases set by the profile overwrites values set in
|
|
+user-nsswitch.conf. The following options can force authselect to
|
|
+ignore value set by the profile and use the one set in user-nsswitch.conf
|
|
+instead.
|
|
+
|
|
+with-custom-aliases::
|
|
+Ignore "aliases" map set by the profile.
|
|
+
|
|
+with-custom-automount::
|
|
+Ignore "automount" map set by the profile.
|
|
+
|
|
+with-custom-ethers::
|
|
+Ignore "ethers" map set by the profile.
|
|
+
|
|
+with-custom-group::
|
|
+Ignore "group" map set by the profile.
|
|
+
|
|
+with-custom-hosts::
|
|
+Ignore "hosts" map set by the profile.
|
|
+
|
|
+with-custom-initgroups::
|
|
+Ignore "initgroups" map set by the profile.
|
|
+
|
|
+with-custom-netgroup::
|
|
+Ignore "netgroup" map set by the profile.
|
|
+
|
|
+with-custom-networks::
|
|
+Ignore "networks" map set by the profile.
|
|
+
|
|
+with-custom-passwd::
|
|
+Ignore "passwd" map set by the profile.
|
|
+
|
|
+with-custom-protocols::
|
|
+Ignore "protocols" map set by the profile.
|
|
+
|
|
+with-custom-publickey::
|
|
+Ignore "publickey" map set by the profile.
|
|
+
|
|
+with-custom-rpc::
|
|
+Ignore "rpc" map set by the profile.
|
|
+
|
|
+with-custom-services::
|
|
+Ignore "services" map set by the profile.
|
|
+
|
|
+with-custom-shadow::
|
|
+Ignore "shadow" map set by the profile.
|
|
+
|
|
EXAMPLES
|
|
--------
|
|
* Enable NIS with no additional modules
|
|
diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
|
|
index 4397deb1ef347d5cb8798926f553c373f8c15649..f5451657f3d8b988b633304d549a3242257715d3 100644
|
|
--- a/profiles/nis/nsswitch.conf
|
|
+++ b/profiles/nis/nsswitch.conf
|
|
@@ -1,14 +1,14 @@
|
|
-aliases: files nis
|
|
-automount: files nis
|
|
-ethers: files nis
|
|
-group: files nis systemd
|
|
-hosts: files nis dns myhostname
|
|
-initgroups: files nis
|
|
-netgroup: files nis
|
|
-networks: files nis
|
|
-passwd: files nis systemd
|
|
-protocols: files nis
|
|
-publickey: files nis
|
|
-rpc: files nis
|
|
-services: files nis
|
|
-shadow: files nis
|
|
+aliases: files nis {exclude if "with-custom-aliases"}
|
|
+automount: files nis {exclude if "with-custom-automount"}
|
|
+ethers: files nis {exclude if "with-custom-ethers"}
|
|
+group: files nis systemd {exclude if "with-custom-group"}
|
|
+hosts: files nis dns myhostname {exclude if "with-custom-hosts"}
|
|
+initgroups: files nis {exclude if "with-custom-initgroups"}
|
|
+netgroup: files nis {exclude if "with-custom-netgroup"}
|
|
+networks: files nis {exclude if "with-custom-networks"}
|
|
+passwd: files nis systemd {exclude if "with-custom-passwd"}
|
|
+protocols: files nis {exclude if "with-custom-protocols"}
|
|
+publickey: files nis {exclude if "with-custom-publickey"}
|
|
+rpc: files nis {exclude if "with-custom-rpc"}
|
|
+services: files nis {exclude if "with-custom-services"}
|
|
+shadow: files nis {exclude if "with-custom-shadow"}
|
|
\ No newline at end of file
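Review bot: Each identity database (`passwd`, `group`, `initgroups`, `shadow`) can now be excluded on its own, but the patch does not say what the generated nsswitch.conf contains when a `with-custom-*` feature is enabled and user-nsswitch.conf has no line for that database. If the entry is simply absent, lookups presumably fall back to the libc default sources, which may not be what the administrator intended for account resolution. The README sections should state this, e.g. `Make sure user-nsswitch.conf defines every database you exclude here.` The same applies to the sssd and winbind nsswitch.conf hunks. Separately, the `\ No newline at end of file` marker after the new `shadow` line suggests the template loses its trailing newline in this change; worth confirming that is intended.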
|
|
diff --git a/profiles/sssd/README b/profiles/sssd/README
|
|
index a2fbf66323f4893391474de49f323c06123a2ebf..42293ab39c628c285921b8b47c4a763fd0215472 100644
|
|
--- a/profiles/sssd/README
|
|
+++ b/profiles/sssd/README
|
|
@@ -59,6 +59,32 @@ with-pamaccess::
|
|
without-nullok::
|
|
Do not add nullok parameter to pam_unix.
|
|
|
|
+DISABLE SPECIFIC NSSWITCH DATABASES
|
|
+-----------------------------------
|
|
+
|
|
+Normally, nsswitch databases set by the profile overwrites values set in
|
|
+user-nsswitch.conf. The following options can force authselect to
|
|
+ignore value set by the profile and use the one set in user-nsswitch.conf
|
|
+instead.
|
|
+
|
|
+with-custom-passwd::
|
|
+Ignore "passwd" database set by the profile.
|
|
+
|
|
+with-custom-group::
|
|
+Ignore "group" database set by the profile.
|
|
+
|
|
+with-custom-netgroup::
|
|
+Ignore "netgroup" database set by the profile.
|
|
+
|
|
+with-custom-automount::
|
|
+Ignore "automount" database set by the profile.
|
|
+
|
|
+with-custom-services::
|
|
+Ignore "services" database set by the profile.
|
|
+
|
|
+with-custom-sudoers::
|
|
+Ignore "sudoers" database set by the profile.
|
|
+
|
|
EXAMPLES
|
|
--------
|
|
|
|
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
|
|
index 5d05102ee8836f5bbce5f0527b87b1559fbe664e..9734bbbe68e7cf73a4a560e3573162d353e551e8 100644
|
|
--- a/profiles/sssd/nsswitch.conf
|
|
+++ b/profiles/sssd/nsswitch.conf
|
|
@@ -1,6 +1,6 @@
|
|
-passwd: sss files systemd
|
|
-group: sss files systemd
|
|
-netgroup: sss files
|
|
-automount: sss files
|
|
-services: sss files
|
|
-sudoers: files sss {include if "with-sudo"}
|
|
+passwd: sss files systemd {exclude if "with-custom-passwd"}
|
|
+group: sss files systemd {exclude if "with-custom-group"}
|
|
+netgroup: sss files {exclude if "with-custom-netgroup"}
|
|
+automount: sss files {exclude if "with-custom-automount"}
|
|
+services: sss files {exclude if "with-custom-services"}
|
|
+sudoers: files sss {include if "with-sudo"}
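Review bot: The `sudoers` line in this hunk changes only in whitespace and still carries just `{include if "with-sudo"}`, while the sssd README hunk in this same patch documents `with-custom-sudoers` as ignoring the profile's sudoers database. As written, enabling that option looks like a no-op, so an administrator who believes sudo rules are now resolved only as configured in user-nsswitch.conf would still get `files sss` from the profile whenever with-sudo is on. Either drop the option from the README or make the template honour it. Whether one line can carry both an include and an exclude condition is not visible here, so that needs checking against the template parser.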
|
|
diff --git a/profiles/winbind/README b/profiles/winbind/README
|
|
index a824c7e78954bafffa6500e45a6e826835fd2b58..cd1606800d77eeb93be918f17fe47c2586b2519d 100644
|
|
--- a/profiles/winbind/README
|
|
+++ b/profiles/winbind/README
|
|
@@ -51,6 +51,20 @@ with-pamaccess::
|
|
without-nullok::
|
|
Do not add nullok parameter to pam_unix.
|
|
|
|
+DISABLE SPECIFIC NSSWITCH DATABASES
|
|
+-----------------------------------
|
|
+
|
|
+Normally, nsswitch databases set by the profile overwrites values set in
|
|
+user-nsswitch.conf. The following options can force authselect to
|
|
+ignore value set by the profile and use the one set in user-nsswitch.conf
|
|
+instead.
|
|
+
|
|
+with-custom-passwd::
|
|
+Ignore "passwd" database set by the profile.
|
|
+
|
|
+with-custom-group::
|
|
+Ignore "group" database set by the profile.
|
|
+
|
|
EXAMPLES
|
|
--------
|
|
* Enable winbind with no additional modules
|
|
diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
|
|
index 3018a7526ece30236969ce69dce729998c9a57de..8a23bd71935eb26c5093e4b2080b1d91b6de5582 100644
|
|
--- a/profiles/winbind/nsswitch.conf
|
|
+++ b/profiles/winbind/nsswitch.conf
|
|
@@ -1,2 +1,2 @@
|
|
-passwd: files winbind systemd
|
|
-group: files winbind systemd
|
|
+passwd: files winbind systemd {exclude if "with-custom-passwd"}
|
|
+group: files winbind systemd {exclude if "with-custom-group"}
|
|
--
|
|
2.17.1
|
|
|