V8.00.000.2025.06.17
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
@@ -688,13 +688,12 @@ user:
|
||||
protected: true # Prevent unintentional edits or deletions.
|
||||
shell: /bin/zsh # Login shell (e.g., '/bin/bash', '/bin/zsh'); use '/usr/sbin/nologin' for non-interactive users.
|
||||
password: ""
|
||||
ssh_pubkeys: # List of public SSH keys for authentication.
|
||||
- ""
|
||||
sshpubkey: ""
|
||||
authentication:
|
||||
access:
|
||||
ssh: false # Allow SSH access.
|
||||
tty: true # Allow TTY (local console) login.
|
||||
password_auth:
|
||||
password:
|
||||
ssh: false # Allow SSH password login.
|
||||
tty: true # Allow TTY (local console) password login.
|
||||
2fa:
|
||||
@@ -703,9 +702,9 @@ user:
|
||||
privileges:
|
||||
description: "Root user with full system access and administrative privileges."
|
||||
sudo: false # Whether the user can escalate to root using sudo.
|
||||
system_user: false # Whether this is a low-UID system user (e.g., for automation).
|
||||
restricted: false # If true, user is limited in scope (e.g., no login, no file access).
|
||||
shell_access: true # MUST be "true" if shell is not '/usr/sbin/nologin' or '/bin/false'.
|
||||
system: true # Whether this is a low-UID system user (e.g., for automation).
|
||||
restricted: false # If true, user is limited in scope (e.g., no login, no file access, --no-create-home)
|
||||
shell: true # MUST be "true" if shell is not '/usr/sbin/nologin' or '/bin/false'.
|
||||
|
||||
##############################################################################################################################
|
||||
# Primary administrative user with full sudo access
|
||||
@@ -719,13 +718,12 @@ user:
|
||||
gid: 1000 # Ensures that the same user has the same GID on all systems.
|
||||
shell: /bin/zsh # Login shell (e.g., '/bin/bash', '/bin/zsh'); use '/usr/sbin/nologin' for non-interactive users.
|
||||
password: ""
|
||||
ssh_pubkeys: # List of public SSH keys for authentication.
|
||||
- ""
|
||||
sshpubkey: ""
|
||||
authentication:
|
||||
access:
|
||||
ssh: true # Allow SSH access.
|
||||
tty: true # Allow TTY (local console) login.
|
||||
password_auth:
|
||||
password:
|
||||
ssh: false # Allow SSH password login.
|
||||
tty: true # Allow TTY (local console) password login.
|
||||
2fa:
|
||||
@@ -734,9 +732,9 @@ user:
|
||||
privileges:
|
||||
description: "Primary admin user with full sudo access and interactive login."
|
||||
sudo: true # Whether the user can escalate to root using sudo.
|
||||
system_user: false # Whether this is a low-UID system user (e.g., for automation).
|
||||
restricted: false # If true, user is limited in scope (e.g., no login, no file access).
|
||||
shell_access: true # MUST be "true" if shell is not '/usr/sbin/nologin' or '/bin/false'.
|
||||
system: false # Whether this is a low-UID system user (e.g., for automation).
|
||||
restricted: false # If true, user is limited in scope (e.g., no login, no file access, --no-create-home)
|
||||
shell: true # MUST be "true" if shell is not '/usr/sbin/nologin' or '/bin/false'.
|
||||
|
||||
##############################################################################################################################
|
||||
# ansible – System user for automation, no interactive shell
|
||||
@@ -750,13 +748,12 @@ user:
|
||||
gid: 137 # Ensures that the same user has the same GID on all systems.
|
||||
shell: /usr/sbin/nologin # Login shell (e.g., '/bin/bash', '/bin/zsh'); use '/usr/sbin/nologin' for non-interactive users.
|
||||
password: "" # No password set for ansible user
|
||||
ssh_pubkeys: # List of public SSH keys for authentication.
|
||||
- ""
|
||||
sshpubkey: ""
|
||||
authentication:
|
||||
access:
|
||||
ssh: true # Allow SSH access.
|
||||
tty: false # Allow TTY (local console) login.
|
||||
password_auth:
|
||||
password:
|
||||
ssh: false # Allow SSH password login.
|
||||
tty: false # Allow TTY (local console) password login.
|
||||
2fa:
|
||||
@@ -765,8 +762,8 @@ user:
|
||||
privileges:
|
||||
description: "Automation user without interactive shell and no sudo."
|
||||
sudo: true # Whether the user can escalate to root using sudo.
|
||||
system_user: true # Whether this is a low-UID system user (e.g., for automation).
|
||||
restricted: true # If true, user is limited in scope (e.g., no login, no file access).
|
||||
shell_access: false # MUST be "true" if shell is not '/usr/sbin/nologin' or '/bin/false'.
|
||||
system: true # Whether this is a low-UID system user (e.g., for automation).
|
||||
restricted: false # If true, user is limited in scope (e.g., no login, no file access, --no-create-home)
|
||||
shell: false # MUST be "true" if shell is not '/usr/sbin/nologin' or '/bin/false'.
|
||||
|
||||
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
|
||||
|
||||
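Review bot: In the last hunk the ansible account's `restricted` appears to change from `true` to `false` in the same edit that renames `system_user`/`shell_access` to `system`/`shell`. The `+`/`-` markers are lost on this page, so that reading rests on the old and new key names. The account has `ssh: true` and `sudo: true`, so the loosening needs a stated reason; if it is that `restricted` now implies `--no-create-home`, say so on the line, e.g. `restricted: false # needs a home directory for its SSH key; login is limited by nologin and key-only SSH`. The unchanged `description` still says "no sudo" next to `sudo: true`, and whichever is wrong should be corrected so a privilege audit of this file is not misled. The first, third and fifth hunks also replace the `ssh_pubkeys` list with a single `sshpubkey: ""`, which leaves this key-only account with an empty key and no slot for a second key during rotation, so the consumer should presumably reject an empty value.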