dayglojesus / managedmac

Comprehensive Puppet module for OS X.
http://dayglojesus.github.io/managedmac/
Apache License 2.0
62 stars 21 forks source link

allow standard users to restart/shutdown #70

Closed clburlison closed 9 years ago

clburlison commented 9 years ago

This allows standard users to restart and/or shutdown the computer while other users are logged on (including at the login window). Doing so normally requires an administrator password. This is great in lab environments when students might forget to logout of the system.

Please check the spec.rb file still learning and not 100% sure I get the logic, I just copies and pasted from other parameters.

Additionally, fixes two typos related to the auth files. (initial, & from)

dayglojesus commented 9 years ago

Good news: the spec is fine

Bad news: These changes are not idempotent and they didn't pass the puppet-lint test in the git post commit hook.

Details:

Assuming no parameters are being passed to any class in the module (ie. an empty /var/lib/hiera/defaults.yaml file, etc.) the modifications in this pull request still result in a large number of authorization db changes.

[12:07:13]zoidberg# puppet apply --trace -e 'include managedmac'
Notice: Compiled catalog for zoidberg.ucs.sfu.ca in environment production in 0.53 seconds
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.shutdown]/auth_class: auth_class changed 'evaluate-mechanisms' to 'user'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.shutdown]/group: defined 'group' as 'admin'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.shutdown]/comment: comment changed 'Checked if the foreground console user tries to shut down the system while other users are logged in via fast-user switching.' to 'Checked by the Admin framework when attempting to shutdown a system.'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.shutdown]/timeout: defined 'timeout' as '2147483647'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.shutdown]/allow_root: defined 'allow_root' as 'true'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.shutdown]/authenticate_user: defined 'authenticate_user' as 'true'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.restart]/auth_class: auth_class changed 'evaluate-mechanisms' to 'user'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.restart]/group: defined 'group' as 'admin'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.restart]/comment: comment changed 'Checked if the foreground console user tries to restart the system while other users are logged in via fast-user switching.' to 'Checked by the Admin framework when attempting to restart a system.'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.restart]/timeout: defined 'timeout' as '2147483647'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.restart]/allow_root: defined 'allow_root' as 'true'
Notice: /Stage[main]/Managedmac::Authorization/Macauthdb[system.restart]/authenticate_user: defined 'authenticate_user' as 'true'
Notice: Finished catalog run in 0.28 seconds

This happens because the defaults you seeded the classes resources with are not identical to the native values in the authorization db. The comments, type, and other attribute must all be identical.

One other small comment: I use git post commit hook that runs puppet-lint on the code before it is committed. Your patch failed that because of dangling whitespace.

These should all be simple fixes. Please review the code and submit another patch. The feature is most welcome.

Let me know if you have any questions. Cheers.