Forge Home

login_defs

Manages /etc/login.defs

1,400 downloads

1,307 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.0.1 (latest)
  • 1.0.0
released Mar 26th 2021
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • , , , , , , Gentoo,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'croddy-login_defs', '1.0.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add croddy-login_defs
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install croddy-login_defs --version 1.0.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

croddy/login_defs — version 1.0.1 Mar 26th 2021

login_defs

Build Status

Overview

Manages /etc/login.defs on Linux systems.

Usage

Class: login_defs

Parameters

mode

Specifies the file mode for /etc/login.defs. Defaults to 0644.

owner

Specifies the file owner for /etc/login.defs. Defaults to 'root'

group

Specifies the file group for /etc/login.defs. Defaults to '0'

options

A hash of options to populate the login.defs file with.

Reference the login.defs(5) man page for a list of configuration items and their description. http://linux.die.net/man/5/login.defs

  • Any option you add here will be merged with the default options.
  • You can override a default value here as well by using a key with the same name.
  • You can remove a default option by specifying undef or an empty string for its value.
  • Your options will not be validated for correctness.

For example:

All the default options plus MY_CUSTOM_OPT being added:

class { '::login_defs':
  options => {
    'MY_CUSTOM_OPT' => 'foo',
  },
}

Default ENCRYPT_METHOD overridden with 'SHA256':

class { '::login_defs':
  options => {
    'ENCRYPT_METHOD' => 'SHA256',
  },
}

Remove the default ENCRYPT_METHOD entirely:

class { '::login_defs':
  options => {
    'ENCRYPT_METHOD' => undef,
  },
}

Default Options:

RedHat 5/6:

{
'CREATE_HOME'     => 'yes',
'ENCRYPT_METHOD'  => 'SHA512',
'GID_MAX'         => '60000',
'GID_MIN'         => '500',
'MAIL_DIR'        => '/var/spool/mail',
'PASS_MAX_DAYS'   => '99999',
'PASS_MIN_LEN'    => '5',
'PASS_WARN_AGE'   => '7',
'UID_MAX'         => '60000',
'UID_MIN'         => '500',
'UMASK'           => '022',
'USERGROUPS_ENAB' => 'yes',
}

RedHat 7:

{
'CREATE_HOME'     => 'yes',
'ENCRYPT_METHOD'  => 'SHA512',
'GID_MAX'         => '60000',
'GID_MIN'         => '1000',
'MAIL_DIR'        => '/var/spool/mail',
'PASS_MAX_DAYS'   => '99999',
'PASS_MIN_DAYS'   => '0',
'PASS_MIN_LEN'    => '5',
'PASS_WARN_AGE'   => '7',
'SYS_GID_MAX'     => '999',
'SYS_GID_MIN'     => '201',
'SYS_UID_MAX'     => '999',
'SYS_UID_MIN'     => '201',
'UID_MAX'         => '60000',
'UID_MIN'         => '1000',
'UMASK'           => '077',
'USERGROUPS_ENAB' => 'yes',
}

Debian:

{
'CHFN_RESTRICT'    => 'rwh',
'CREATE_HOME'      => 'yes',
'DEFAULT_HOME'     => 'yes',
'ENCRYPT_METHOD'   => 'SHA512',
'ENV_PATH'         => 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games',
'ENV_SUPATH'       => 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
'ERASECHAR'        => '0177',
'FAILLOG_ENAB'     => 'yes',
'FTMP_FILE'        => '/var/log/btmp',
'GID_MAX'          => '60000',
'GID_MIN'          => '1000',
'HUSHLOGIN_FILE'   => '.hushlogin',
'KILLCHAR'         => '025',
'LOG_OK_LOGINS'    => 'no',
'LOG_UNKFAIL_ENAB' => 'no',
'LOGIN_RETRIES'    => '5',
'LOGIN_TIMEOUT'    => '60',
'MAIL_DIR'         => '/var/mail',
'MD5_CRYPT_ENAB'   => 'no',
'PASS_MAX_DAYS'    => '99999',
'PASS_MIN_DAYS'    => '0',
'PASS_WARN_AGE'    => '7',
'SU_NAME'          => 'su',
'SYSLOG_SG_ENAB'   => 'yes',
'SYSLOG_SU_ENAB'   => 'yes',
'TTYGROUP'         => 'tty',
'TTYPERM'          => '0600',
'UID_MAX'          => '60000',
'UID_MIN'          => '1000',
'UMASK'            => '022',
'USERGROUPS_ENAB'  => 'yes',
}

Gentoo:

{
'FAIL_DELAY'       => '3'
'LOG_UNKFAIL_ENAB' => 'no'
'LOG_OK_LOGINS'    => 'no'
'SYSLOG_SU_ENAB'   => 'yes'
'SYSLOG_SG_ENAB'   => 'yes'
'CONSOLE'          => '/etc/securetty'
'SU_NAME'          => 'su'
'MAIL_DIR'         => '/var/spool/mail'
'HUSHLOGIN_FILE'   => '.hushlogin'
'ENV_SUPATH'       => 'PATH=/sbin:/bin:/usr/sbin:/usr/bin'
'ENV_PATH'         => 'PATH=/bin:/usr/bin'
'TTYGROUP'         => 'tty'
'TTYPERM'          => '0600'
'ERASECHAR'        => '0177'
'KILLCHAR'         => '025'
'UMASK'            => '022'
'PASS_MAX_DAYS'    => '99999'
'PASS_MIN_DAYS'    => '0'
'PASS_WARN_AGE'    => '7'
'UID_MIN'          => '1000'
'UID_MAX'          => '60000'
'SYS_UID_MIN'      => '101'
'SYS_UID_MAX'      => '999'
'GID_MIN'          => '1000'
'GID_MAX'          => '60000'
'SYS_GID_MIN'      => '101'
'SYS_GID_MAX'      => '999'
'LOGIN_RETRIES'    => '5'
'LOGIN_TIMEOUT'    => '60'
'CHFN_RESTRICT'    => 'rwh'
'DEFAULT_HOME'     => 'yes'
'USERGROUPS_ENAB'  => 'yes'
}

SLES 11:

{
'DEFAULT_HOME'     => 'yes'
'ENV_PATH'         => '/usr/local/bin:/usr/bin:/bin'
'ENV_ROOTPATH'     => '/sbin:/bin:/usr/sbin:/usr/bin'
'FAIL_DELAY'       => '3'
'HUSHLOGIN_FILE'   => '/etc/hushlogins'
'LASTLOG_ENAB'     => 'yes'
'LOG_UNKFAIL_ENAB' => 'no'
'LOGIN_RETRIES'    => '3'
'LOGIN_TIMEOUT'    => '60'
'MOTD_FILE'        => '/etc/motd'
'TTYTYPE_FILE'     => '/etc/ttytype'
'TTYGROUP'         => 'tty'
'TTYPERM'          => '0620'
'CHFN_AUTH'        => 'yes'
'CHFN_RESTRICT'    => 'rwh'
'PASS_MAX_DAYS'    => '99999'
'PASS_MIN_DAYS'    => '0'
'PASS_WARN_AGE'    => '7'
'SYSTEM_UID_MIN'   => '100'
'SYSTEM_UID_MAX'   => '499'
'UID_MIN'          => '1000'
'UID_MAX'          => '60000'
'SYSTEM_GID_MIN'   => '100'
'SYSTEM_GID_MAX'   => '499'
'GID_MIN'          => '1000'
'GID_MAX'          => '60000'
'CHARACTER_CLASS'  =>  '[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?'
'UMASK'            => '022'
'GROUPADD_CMD'     => '/usr/sbin/groupadd.local'
'USERADD_CMD'      => '/usr/sbin/useradd.local'
'USERDEL_PRECMD'   => '/usr/sbin/userdel-pre.local'
'USERDEL_POSTCMD'  => '/usr/sbin/userdel-post.local'
}

SLES 12:

{
'FAIL_DELAY'         => '3'
'LOG_UNKFAIL_ENAB'   => 'no'
'LOG_OK_LOGINS'      => 'no'
'SYSLOG_SU_ENAB'     => 'yes'
'SYSLOG_SG_ENAB'     => 'yes'
'CONSOLE'            => '/etc/securetty'
'MOTD_FILE'          => '/etc/motd'
'HUSHLOGIN_FILE'     => '/etc/hushlogins'
'ENV_SUPATH'         => 'PATH=/sbin:/bin:/usr/sbin:/usr/bin'
'ENV_PATH'           => 'PATH=/usr/local/bin:/usr/bin:/bin'
'ENV_ROOTPATH'       => '/sbin:/bin:/usr/sbin:/usr/bin'
'TTYGROUP'           => 'tty'
'TTYPERM'            => '0620'
'ERASECHAR'          => '0177'
'KILLCHAR'           => '025'
'UMASK'              => '022'
'PASS_MAX_DAYS'      => '99999'
'PASS_MIN_DAYS'      => '0'
'PASS_WARN_AGE'      => '7'
'UID_MIN'            => '1000'
'UID_MAX'            => '60000'
'SYS_UID_MIN'        => '100'
'SYS_UID_MAX'        => '499'
'SUB_UID_MIN'        => '100000'
'SUB_UID_MAX'        => '600100000'
'SUB_UID_COUNT'      => '65536'
'GID_MIN'            => '1000'
'GID_MAX'            => '60000'
'SYS_GID_MIN'        => '100'
'SYS_GID_MAX'        => '499'
'SUB_GID_MIN'        => '100000'
'SUB_GID_MAX'        => '600100000'
'SUB_GID_COUNT'      => '65536'
'LOGIN_RETRIES'      => '3'
'LOGIN_TIMEOUT'      => '60'
'CHFN_RESTRICT'      => 'rwh'
'ENCRYPT_METHOD'     => 'SHA512'
'ENCRYPT_METHOD_NIS' => 'DES'
'DEFAULT_HOME'       => 'yes'
'USERGROUPS_ENAB'    => 'no'
'CREATE_HOME'        => 'no'
'CHARACTER_CLASS'    => '[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?'
'GROUPADD_CMD'       => '/usr/sbin/groupadd.local'
'USERADD_CMD'        => '/usr/sbin/useradd.local'
'USERDEL_PRECMD'     => '/usr/sbin/userdel-pre.local'
'USERDEL_POSTCMD'    => '/usr/sbin/userdel-post.local'
}

## Limitations

Only supports RedHat, Debian, Gentoo, and SLES family operating systems right now.

## Authors

Josh Beard, josh@signalboxes.net