Extend defaults section of sudoers to permit the following:

Default_Type ::= 'Defaults' |
                 'Defaults' '@' Host_List |
                 'Defaults' ':' User_List |
                 'Defaults' '!' Cmnd_List |
                 'Defaults' '>' Runas_List
Robert Fairburn 2014-07-09 12:21:58 -05:00
parent 66ff6d8fee
commit ac278d226c
2 changed files with 34 additions and 5 deletions


@ -4,9 +4,19 @@ sudoers:
groups: groups:
sudo: 'ALL=(ALL) NOPASSWD: ALL' sudo: 'ALL=(ALL) NOPASSWD: ALL'
defaults: defaults:
- env_reset generic:
- env_rset
- mail_badpass - mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
user_list:
johndoe: '!requiretty'
ADMINS: '!lecture'
host_list:
www1: 'log_year, logfile=/var/log/sudo.log'
command_list:
PROCESSES: 'noexec'
runas_list:
root: '!set_logname'
aliases: aliases:
hosts: hosts:
WEBSERVERS: WEBSERVERS:
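Review bot: The first entry of the new `generic:` list is spelled `env_rset`, where the line it replaces had `env_reset`. Anyone copying this example would render `Defaults env_rset`, which is not a sudo option name, so the environment-reset setting the old example stated explicitly is no longer expressed; change the entry to `- env_reset`. It would also help to add a comment above `defaults:` such as `# defaults is now a mapping: generic (list), user_list, host_list, command_list, runas_list (dicts)`, because the template in this commit reads it with `defaults.get(...)` and pillars still using the old list form will need migrating.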


@ -9,7 +9,12 @@
{%- set users = sudoers.get('users', {'root': 'ALL=(ALL:ALL) ALL'}) %} {%- set users = sudoers.get('users', {'root': 'ALL=(ALL:ALL) ALL'}) %}
{%- set groups = sudoers.get('groups', {'sudo': 'ALL=(ALL:ALL) ALL'}) %} {%- set groups = sudoers.get('groups', {'sudo': 'ALL=(ALL:ALL) ALL'}) %}
{%- else %} {%- else %}
{%- set defaults = sudoers.get('defaults', []) %} {%- set defaults = sudoers.get('defaults', {}) %}
{%- set generic_defaults = defaults.get('generic', []) %}
{%- set user_list_defaults = defaults.get('user_list', {}) %}
{%- set host_list_defaults = defaults.get('host_list', {}) %}
{%- set command_list_defaults = defaults.get('command_list', {}) %}
{%- set runas_list_defaults = defaults.get('runas_list', {}) %}
{%- set users = sudoers.get('users', {}) %} {%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %} {%- set groups = sudoers.get('groups', {}) %}
{%- endif %} {%- endif %}
@ -29,9 +34,23 @@
# This file is managed by salt # This file is managed by salt
# #
{% for default in defaults -%} # Defaults specification
{% for default in generic_defaults -%}
Defaults {{ default }} Defaults {{ default }}
{% endfor %} {% endfor %}
{%- for user,spec in user_list_defaults.items() %}
Defaults:{{ user }} {{ spec }}
{%- endfor %}
{%- for host,spec in host_list_defaults.items() %}
Defaults@{{ host }} {{ spec }}
{%- endfor %}
{%- for command,spec in command_list_defaults.items() %}
Defaults!{{ user }} {{ spec }}
{%- endfor %}
{%- for user,spec in runas_list_defaults.items() %}
Defaults>{{ user }} {{ spec }}
{%- endfor %}
# Host alias specification # Host alias specification
{%- for name,hosts in host_aliases.items() %} {%- for name,hosts in host_aliases.items() %}
Host_Alias {{ name }} = {{ ",".join(hosts) }} Host_Alias {{ name }} = {{ ",".join(hosts) }}
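Review bot: In the `command_list_defaults` loop the emitted line is `Defaults!{{ user }} {{ spec }}`, but that loop binds `command` and `spec`, so `user` is not defined there. Jinja scopes loop variables to their own loop, so this most likely renders as `Defaults! noexec` (or fails outright under strict undefined handling), giving a sudoers file that does not parse, which can leave sudo unusable on the minion. Change the line to `Defaults!{{ command }} {{ spec }}`, and consider renaming the loop variable in the `runas_list_defaults` loop from `user` to `runas` so the four loops read consistently. Separately, `defaults` is now read with `.get()`, so a pillar that still supplies the old list form will fail to render; a comment next to `{%- set defaults = sudoers.get('defaults', {}) %}` should say so. If the state does not already do it, validating the rendered file with `visudo -cf` before it is installed would catch this class of error.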