formula-sudoers/pillar.example


# -*- coding: utf-8 -*-
# vim: ft=yaml
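---
# Example pillar for the sudoers formula.
# The quoted rule strings use sudoers syntax: 'HOSTS=(RUNAS) [TAG:] COMMANDS'.
# Treat this file as privileged policy: whoever can edit the pillar can grant
# root. Check the rendered files with `visudo -c` before relying on them.
sudoers:
  # By default the main sudoers file is managed by this formula
  # (set to false to skip).
  manage_main_config: true
  # By default the included directory is not purged of unwanted files.
  # With false, drop-in files that this pillar does not manage stay in place
  # and stay effective, so review the directory by hand or enable purging.
  purge_includedir: false
  users:
    johndoe:
      # Any host, any run-as user, any command: equivalent to root access.
      - 'ALL=(ALL) ALL'
      # Passwordless root for a single script. No arguments are listed, so any
      # arguments are accepted; the script and its parent directories must be
      # root-owned and not writable by johndoe.
      - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
  groups:
    # Presumably rendered as a group rule for 'sudo' - confirm in the template.
    sudo:
      - 'ALL=(ALL) ALL'
      # Passwordless, unrestricted commands as 'nodejs': anything that account
      # can read or write is reachable from every member without a password.
      - 'ALL=(nodejs) NOPASSWD: ALL'
  netgroups:
    sysadmins:
      - 'ALL=(ALL) ALL'
  defaults:
    generic:
      # env_reset and secure_path keep the caller's environment and PATH from
      # influencing which binaries the privileged command runs.
      - env_reset
      - mail_badpass
      - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    user_list:
      # A leading '!' turns the option off for that user or alias.
      johndoe: '!requiretty'
      ADMINS: '!lecture'
    host_list:
      # Per-host logging to a file; protect and rotate the log like any
      # other audit trail.
      www1: 'log_year, logfile=/var/log/sudo.log'
    command_list:
      # noexec stops a dynamically linked command from running further
      # programs; it does not constrain statically linked binaries.
      PROCESSES: 'noexec'
    runas_list:
      root: '!set_logname'
  aliases:
    hosts:
      WEBSERVERS:
        - www1
        - www2
        - www3
    users:
      ADMINS:
        - millert
        - dowdy
        - mikef
    commands:
      # Absolute paths only; a relative name would depend on PATH lookup.
      PROCESSES:
        - /usr/bin/nice
        - /bin/kill
        - /usr/bin/renice
        - /usr/bin/pkill
        - /usr/bin/top
  includedir: /etc/sudoers.d
  included_files:
    /etc/sudoers.d/extra-file:
      users:
        foo:
          - 'ALL=(ALL) ALL'
    # Keys without a directory are presumably placed under 'includedir' -
    # confirm against the formula's template.
    extra-file-2:
      groups:
        bargroup:
          # Passwordless full root: compromise of any bargroup member's
          # account is a root compromise. Prefer a command list.
          - 'ALL=(ALL) NOPASSWD: ALL'
    extra-file-3:
      netgroups:
        other_netgroup:
          - 'ALL=(ALL) ALL'
  # Ordering is important. The sudoers manpage says that when multiple
  # entries match, the last match is used. However, if we do not manage
  # the main config, our included files may not match last.
  # To guarantee that included files match last, set 'true' below to append
  # each '#include <includefile>' line to the sudoers file. The leading '#'
  # is part of the sudoers include directive, not a comment marker.
  append_included_files_to_endof_main_config: true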