mirror of
https://github.com/saltstack-formulas/sudoers-formula.git
synced 2024-11-27 22:38:22 +01:00
73d2d70dbb
It should be possible to not overwrite the main sudoers configuration file and only provide files to be included. This introduces a new Pillar variable to achieve that. If it's not set we default to the old behaviour of managing that file.
# Example pillar data for the sudoers formula. All names, hosts and rules below
# are sample values; replace them before use.
# NOTE(review): nesting was reconstructed from a flattened listing - confirm
# against the upstream file.
# NOTE(review): a syntax error in a rendered sudoers file can lock out sudo;
# confirm the formula validates output (e.g. `visudo -c`) before installing it.
sudoers:
  # By default the main sudoers file is managed by this formula (False to skip)
  # NOTE(review): with False, only the included files are provided; presumably
  # the existing main file must already include `includedir` - verify.
  manage_main_config: True
  # Per-user rules; each item is a sudoers spec: host=(runas) [TAG:] commands.
  users:
    johndoe:
      # Any command, as any user, on any host (password required).
      - 'ALL=(ALL) ALL'
      # NOPASSWD skips the password prompt. The target script runs as root, so
      # it must not be writable by anyone but root.
      - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
  # Per-group rules, same spec syntax as `users`.
  groups:
    sudo:
      - 'ALL=(ALL) ALL'
      # Any command as `nodejs` without a password: this is effectively full
      # access to that account for every member of the group.
      - 'ALL=(nodejs) NOPASSWD: ALL'
  # Per-netgroup rules, same spec syntax as `users`.
  netgroups:
    sysadmins:
      - 'ALL=(ALL) ALL'
  # sudoers Defaults options.
  defaults:
    # Options applied globally.
    generic:
      # Run commands with a reset (minimal) environment.
      - env_reset
      - mail_badpass
      # PATH used for commands run through sudo, instead of the caller's PATH.
      - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    # Options scoped to a user or a User_Alias (ADMINS is defined under
    # aliases.users). A leading `!` negates the option.
    user_list:
      johndoe: '!requiretty'
      ADMINS: '!lecture'
    # Options scoped to a host; here sudo activity on www1 is logged to a file.
    host_list:
      www1: 'log_year, logfile=/var/log/sudo.log'
    # Options scoped to a command alias (PROCESSES is defined under
    # aliases.commands). `noexec` is best-effort: per sudoers(5) it only
    # affects dynamically linked programs.
    command_list:
      PROCESSES: 'noexec'
    # Options scoped to the run-as (target) user.
    runas_list:
      root: '!set_logname'
  # Named alias lists; presumably rendered as Host_Alias / User_Alias /
  # Cmnd_Alias entries - confirm against the formula's template.
  aliases:
    hosts:
      WEBSERVERS:
        - www1
        - www2
        - www3
    users:
      ADMINS:
        - millert
        - dowdy
        - mikef
    commands:
      PROCESSES:
        - /usr/bin/nice
        - /bin/kill
        - /usr/bin/renice
        - /usr/bin/pkill
        - /usr/bin/top
  # Directory of additional sudoers files.
  includedir: /etc/sudoers.d
  # Extra sudoers files; each accepts the same sections as above (users,
  # groups, netgroups are shown here). Keys are an absolute path or a bare
  # file name.
  # NOTE(review): bare names presumably resolve under `includedir` - verify.
  included_files:
    /etc/sudoers.d/extra-file:
      users:
        foo:
          - 'ALL=(ALL) ALL'
    extra-file-2:
      groups:
        bargroup:
          # Passwordless, unrestricted root-equivalent access for the whole
          # group; sample only, scope to specific commands in real pillars.
          - 'ALL=(ALL) NOPASSWD: ALL'
    extra-file-3:
      netgroups:
        other_netgroup:
          - 'ALL=(ALL) ALL'