better sudoers support & default gid

add support for sudouser being False.
change to adding sudoers config to /etc/sudoers.d/<user>
adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
This commit is contained in:
Shawn Butts 2013-10-28 16:39:55 -04:00
parent 6b1d798302
commit f25cec613a
1 changed files with 22 additions and 8 deletions

View File

@ -25,6 +25,7 @@ include:
- group: {{ name }} - group: {{ name }}
group.present: group.present:
- name: {{ name }} - name: {{ name }}
- gid: {{ user['uid'] }}
user.present: user.present:
- name: {{ name }} - name: {{ name }}
- home: {{ home }} - home: {{ home }}
@ -101,15 +102,25 @@ ssh_auth_{{ name }}_{{ loop.index0 }}:
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'sudouser' in user %}
sudoer-{{ name }}:
file.append:
- name: /etc/sudoers
- text:
- "{{ name }} ALL=(ALL) NOPASSWD: ALL"
- require:
- file: sudoer-defaults
{% if 'sudouser' in user and user['sudouser'] %}
sudoer-{{ name }}:
file.managed:
- name: /etc/sudoers.d/{{ name }}
- user: root
- group: root
- mode: '0440'
/etc/sudoers.d/{{ name }}:
file.append:
- text:
- "{{ name }} ALL=(ALL) NOPASSWD: ALL"
- require:
- file: sudoer-defaults
- file: sudoer-{{ name }}
{% else %}
/etc/sudoers.d/{{ name }}:
file.absent:
- name: /etc/sudoers.d/{{ name }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@ -117,4 +128,7 @@ sudoer-{{ name }}:
{% for user in pillar.get('absent_users', []) %} {% for user in pillar.get('absent_users', []) %}
{{ user }}: {{ user }}:
user.absent user.absent
/etc/sudoers.d/{{ user }}:
file.absent:
- name: /etc/sudoers.d/{{ user }}
{% endfor %} {% endfor %}