improve allow_deny_users_groups

saltstack-formulas · Aug 21, 2017 · 9cdb9aa · 9cdb9aa
1 parent 178692f
commit 9cdb9aa
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
@@ -208,13 +208,14 @@
 # needs to to a DNS lookup
 #
 # DenyUsers
-{{ option('DenyUsers', '') }}
+{{ option_string_or_list('DenyUsers', '', True , sep=' ')}}
 # AllowUsers
-{{ option('AllowUsers', '') }}
+{{ option_string_or_list('AllowUsers', '', True , sep=' ')}}
 # DenyGroups
-{{ option('DenyGroups', '') }}
+{{ option_string_or_list('DenyGroups', '', True , sep=' ')}}
 # AllowGroups
-{{ option('AllowGroups', '') }}
+{{ option_string_or_list('AllowGroups', '', True , sep=' ')}}
+
 
 # Specifies the available KEX (Key Exchange) algorithms.
 {{ option_string_or_list('KexAlgorithms', 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1', True) }}

diff --git a/pillar.example b/pillar.example
@@ -44,10 +44,33 @@ sshd_config:
   Subsystem: "sftp /usr/lib/openssh/sftp-server"
   UsePAM: 'yes'
   UseDNS: 'yes'
+  # set as string
   AllowUsers: '[email protected] [email protected] sidious luke'
+  # or set as list
+  AllowUsers: 
+    - [email protected] 
+    - [email protected] 
+    - sidious 
+    - luke
+  # set as string 
   DenyUsers: 'yoda [email protected]'
+  # or set as list
+  DenyUsers:
+    - yoda
+    - [email protected]
+  # set as string
   AllowGroups: 'wheel staff imperial'
+  # or set as list
+  AllowGroups:
+    - wheel
+    - staff
+    - imperial
+  # set as string
   DenyGroups: 'rebel'
+  # or set as list
+  DenyGroups:
+    - rebel
+    - badcompany
   matches:
     sftp_chroot:
       type: