Salt/sudoers-formula
0
0
Fork 0
mirror of https://github.com/saltstack-formulas/sudoers-formula.git synced 2026-05-21 23:52:31 +02:00
Code Issues Activity

Merge 17a8ed9ae89c1543c3f321ef329e1b70cc3aa747 into 1a46975212b5e0c6c8162c8b15982ae4966933b6

Browse Source
This commit is contained in:
gmarone 2018-03-07 00:02:12 +00:00 committed by GitHub
commit cd65db744e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pillar.example
View File

@ -7,6 +7,10 @@ sudoers:
sudo: sudo:
- 'ALL=(ALL) ALL' - 'ALL=(ALL) ALL'
- 'ALL=(nodejs) NOPASSWD: ALL' - 'ALL=(nodejs) NOPASSWD: ALL'
network_groups:
my-network-admin-group:
- 'ALL=(ALL) ALL'
- 'ALL=(nodejs) NOPASSWD: ALL'
defaults: defaults:
generic: generic:
- env_reset - env_reset

10
sudoers/files/sudoers
View File

@ -13,6 +13,7 @@
{%- set runas_list_defaults = defaults.get('runas_list', {}) %} {%- set runas_list_defaults = defaults.get('runas_list', {}) %}
{%- set users = sudoers.get('users', {'root': ['ALL=(ALL:ALL) ALL']}) %} {%- set users = sudoers.get('users', {'root': ['ALL=(ALL:ALL) ALL']}) %}
{%- set groups = sudoers.get('groups', {'sudo': ['ALL=(ALL:ALL) ALL']}) %} {%- set groups = sudoers.get('groups', {'sudo': ['ALL=(ALL:ALL) ALL']}) %}
{%- set network_groups = sudoers.get('network_groups', {'sudo': ['ALL=(ALL:ALL) ALL']}) %}
{%- else %} {%- else %}
{%- set defaults = sudoers.get('defaults', {}) %} {%- set defaults = sudoers.get('defaults', {}) %}
{%- set generic_defaults = defaults.get('generic', []) %} {%- set generic_defaults = defaults.get('generic', []) %}
@ -22,6 +23,7 @@
{%- set runas_list_defaults = defaults.get('runas_list', {}) %} {%- set runas_list_defaults = defaults.get('runas_list', {}) %}
{%- set users = sudoers.get('users', {}) %} {%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %} {%- set groups = sudoers.get('groups', {}) %}
{%- set network_groups = sudoers.get('network_groups', {}) %}
{%- endif %} {%- endif %}
{%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%} {%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%}
{%- else %} {%- else %}
@ -33,6 +35,7 @@
{%- set runas_list_defaults = defaults.get('runas_list', {}) %} {%- set runas_list_defaults = defaults.get('runas_list', {}) %}
{%- set users = sudoers.get('users', {}) %} {%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %} {%- set groups = sudoers.get('groups', {}) %}
{%- set network_groups = sudoers.get('network_groups', {}) %}
{%- set includedir = sudoers.get('includedir', None) %} {%- set includedir = sudoers.get('includedir', None) %}
{%- endif %} {%- endif %}
{%- set aliases = sudoers.get('aliases', {}) %} {%- set aliases = sudoers.get('aliases', {}) %}
@ -95,6 +98,13 @@ Runas_Alias {{ name }} = {{ ",".join(runas) }}
{%- endfor %} {%- endfor %}
{%- endfor %} {%- endfor %}
# Network Group privilege specification
{%- for group,specs in network_groups.items() %}
{%- for spec in specs %}
+{{ group }} {{ spec }}
{%- endfor %}
{%- endfor %}
{% if includedir %} {% if includedir %}
## Read drop-in files from /etc/sudoers.d ## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment) ## (the '#' here does not indicate a comment)