From 4b4b58c64349fc420c0b8b0555a3fef3443355d8 Mon Sep 17 00:00:00 2001 From: Sebastian Gumprich Date: Mon, 4 Jan 2016 18:00:38 +0100 Subject: [PATCH] make sys_uid and sys_gid configurable --- defaults/main.yml | 5 +++++ templates/login.defs.j2 | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 849f1a58..5d36aae4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -12,6 +12,11 @@ os_auth_pam_passwdqc_options: 'min=disabled,disabled,16,12,8' os_auth_root_ttys: [console, tty1, tty2, tty3, tty4, tty5, tty6] os_auth_uid_min: 1000 os_auth_gid_min: 1000 +os_auth_sys_uid_min: 100 +os_auth_sys_uid_max: 999 +os_auth_sys_gid_min: 100 +os_auth_sys_gid_max: 999 + os_chfn_restrict: '' # may contain: change_user os_security_users_allow: [] diff --git a/templates/login.defs.j2 b/templates/login.defs.j2 index ba50c9d9..0fa8a3fc 100644 --- a/templates/login.defs.j2 +++ b/templates/login.defs.j2 @@ -107,15 +107,15 @@ PASS_WARN_AGE 7 UID_MIN {{os_auth_uid_min}} UID_MAX 60000 # System accounts -#SYS_UID_MIN 100 -#SYS_UID_MAX 999 +SYS_UID_MIN {{os_auth_sys_uid_min}} +SYS_UID_MAX {{os_auth_sys_uid_max}} # Min/max values for automatic gid selection in groupadd GID_MIN {{os_auth_gid_min}} GID_MAX 60000 # System accounts -#SYS_GID_MIN 100 -#SYS_GID_MAX 999 +SYS_GID_MIN {{os_auth_sys_gid_min}} +SYS_GID_MAX {{os_auth_sys_gid_max}} # Max number of login retries if password is bad. This will most likely be overriden by PAM, since the default pam_unix module has it's own built in of 3 retries. However, this is a safe fallback in case you are using an authentication module that does not enforce PAM_MAXTRIES. LOGIN_RETRIES {{os_auth_retries}}