2014-02-09 12:32:22 -05:00
|
|
|
{%- if (not included) %}
|
|
|
|
|
{%- set sudoers = pillar.get('sudoers', {}) %}
|
2014-02-09 12:34:27 -05:00
|
|
|
{%- if grains['os_family'] == 'Debian' %}
|
2014-07-09 14:35:07 -04:00
|
|
|
{%- set defaults = sudoers.get('defaults', {'generic': [
|
2014-02-09 12:34:27 -05:00
|
|
|
'env_reset',
|
|
|
|
|
'mail_badpass',
|
|
|
|
|
'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
|
2014-07-09 14:35:07 -04:00
|
|
|
]}) %}
|
2014-07-30 05:10:50 -04:00
|
|
|
{%- set generic_defaults = defaults.get('generic', []) %}
|
|
|
|
|
{%- set user_list_defaults = defaults.get('user_list', {}) %}
|
|
|
|
|
{%- set host_list_defaults = defaults.get('host_list', {}) %}
|
|
|
|
|
{%- set command_list_defaults = defaults.get('command_list', {}) %}
|
|
|
|
|
{%- set runas_list_defaults = defaults.get('runas_list', {}) %}
|
2014-10-01 11:03:54 -04:00
|
|
|
{%- set users = sudoers.get('users', {'root': ['ALL=(ALL:ALL) ALL']}) %}
|
|
|
|
|
{%- set groups = sudoers.get('groups', {'sudo': ['ALL=(ALL:ALL) ALL']}) %}
|
2018-08-13 15:33:05 -04:00
|
|
|
{%- set netgroups = sudoers.get('netgroups', {}) %}
|
2014-02-09 12:34:27 -05:00
|
|
|
{%- else %}
|
2014-07-09 13:21:58 -04:00
|
|
|
{%- set defaults = sudoers.get('defaults', {}) %}
|
2014-07-09 14:35:07 -04:00
|
|
|
{%- set generic_defaults = defaults.get('generic', []) %}
|
2014-07-09 13:21:58 -04:00
|
|
|
{%- set user_list_defaults = defaults.get('user_list', {}) %}
|
|
|
|
|
{%- set host_list_defaults = defaults.get('host_list', {}) %}
|
|
|
|
|
{%- set command_list_defaults = defaults.get('command_list', {}) %}
|
|
|
|
|
{%- set runas_list_defaults = defaults.get('runas_list', {}) %}
|
2014-02-09 12:34:27 -05:00
|
|
|
{%- set users = sudoers.get('users', {}) %}
|
|
|
|
|
{%- set groups = sudoers.get('groups', {}) %}
|
2018-08-13 15:33:05 -04:00
|
|
|
{%- set netgroups = sudoers.get('netgroups', {}) %}
|
2014-02-09 12:34:27 -05:00
|
|
|
{%- endif %}
|
2014-02-09 12:32:22 -05:00
|
|
|
{%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%}
|
|
|
|
|
{%- else %}
|
2014-07-09 14:36:47 -04:00
|
|
|
{%- set defaults = sudoers.get('defaults', {}) %}
|
2014-07-09 14:35:07 -04:00
|
|
|
{%- set generic_defaults = defaults.get('generic', []) %}
|
|
|
|
|
{%- set user_list_defaults = defaults.get('user_list', {}) %}
|
|
|
|
|
{%- set host_list_defaults = defaults.get('host_list', {}) %}
|
|
|
|
|
{%- set command_list_defaults = defaults.get('command_list', {}) %}
|
|
|
|
|
{%- set runas_list_defaults = defaults.get('runas_list', {}) %}
|
2014-02-09 12:34:27 -05:00
|
|
|
{%- set users = sudoers.get('users', {}) %}
|
|
|
|
|
{%- set groups = sudoers.get('groups', {}) %}
|
2018-08-13 15:33:05 -04:00
|
|
|
{%- set netgroups = sudoers.get('netgroups', {}) %}
|
2014-02-09 12:32:22 -05:00
|
|
|
{%- set includedir = sudoers.get('includedir', None) %}
|
|
|
|
|
{%- endif %}
|
2013-08-20 17:55:49 -04:00
|
|
|
{%- set aliases = sudoers.get('aliases', {}) %}
|
|
|
|
|
{%- set host_aliases = aliases.get('hosts', {}) %}
|
|
|
|
|
{%- set user_aliases = aliases.get('users', {}) %}
|
|
|
|
|
{%- set command_aliases = aliases.get('commands', {}) %}
|
2014-02-09 12:34:27 -05:00
|
|
|
{%- set runas_aliases = aliases.get('runas', {}) -%}
|
2013-08-20 17:32:58 -04:00
|
|
|
#
|
|
|
|
|
# This file is managed by salt
|
|
|
|
|
#
|
|
|
|
|
|
2014-07-09 13:21:58 -04:00
|
|
|
# Defaults specification
|
|
|
|
|
{% for default in generic_defaults -%}
|
2013-08-20 17:32:58 -04:00
|
|
|
Defaults {{ default }}
|
2013-08-20 17:45:11 -04:00
|
|
|
{% endfor %}
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for user,spec in user_list_defaults|dictsort %}
|
2014-07-09 13:21:58 -04:00
|
|
|
Defaults:{{ user }} {{ spec }}
|
|
|
|
|
{%- endfor %}
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for host,spec in host_list_defaults|dictsort %}
|
2014-07-09 13:21:58 -04:00
|
|
|
Defaults@{{ host }} {{ spec }}
|
|
|
|
|
{%- endfor %}
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for command,spec in command_list_defaults|dictsort %}
|
2014-07-09 13:56:16 -04:00
|
|
|
Defaults!{{ command }} {{ spec }}
|
2014-07-09 13:21:58 -04:00
|
|
|
{%- endfor %}
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for runas,spec in runas_list_defaults|dictsort %}
|
2014-07-09 13:56:16 -04:00
|
|
|
Defaults>{{ runas }} {{ spec }}
|
2014-07-09 13:21:58 -04:00
|
|
|
{%- endfor %}
|
|
|
|
|
|
2013-08-20 17:32:58 -04:00
|
|
|
# Host alias specification
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for name,hosts in host_aliases|dictsort %}
|
2013-08-20 17:45:11 -04:00
|
|
|
Host_Alias {{ name }} = {{ ",".join(hosts) }}
|
2013-08-20 17:54:21 -04:00
|
|
|
{%- endfor %}
|
2013-08-20 17:32:58 -04:00
|
|
|
|
|
|
|
|
# User alias specification
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for name,users in user_aliases|dictsort %}
|
2013-08-20 17:51:13 -04:00
|
|
|
User_Alias {{ name }} = {{ ",".join(users) }}
|
2013-08-20 17:54:21 -04:00
|
|
|
{%- endfor %}
|
2013-08-20 17:32:58 -04:00
|
|
|
|
|
|
|
|
# Cmnd alias specification
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for name,commands in command_aliases|dictsort %}
|
2013-08-20 17:51:13 -04:00
|
|
|
Cmnd_Alias {{ name }} = {{ ",".join(commands) }}
|
2013-08-20 17:54:21 -04:00
|
|
|
{%- endfor %}
|
2013-08-20 17:32:58 -04:00
|
|
|
|
|
|
|
|
# Runas alias specification
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for name,runas in runas_aliases|dictsort %}
|
2013-08-20 17:51:13 -04:00
|
|
|
Runas_Alias {{ name }} = {{ ",".join(runas) }}
|
2013-08-20 17:54:21 -04:00
|
|
|
{%- endfor %}
|
2013-08-20 17:32:58 -04:00
|
|
|
|
|
|
|
|
# User privilege specification
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for user,specs in users|dictsort %}
|
2014-08-19 10:26:47 -04:00
|
|
|
{%- for spec in specs %}
|
2013-08-20 17:51:13 -04:00
|
|
|
{{ user }} {{ spec }}
|
2014-08-19 10:26:47 -04:00
|
|
|
{%- endfor %}
|
2013-08-20 17:54:21 -04:00
|
|
|
{%- endfor %}
|
2013-08-20 17:32:58 -04:00
|
|
|
|
|
|
|
|
# Group privilege specification
|
2018-06-25 05:23:49 -04:00
|
|
|
{%- for group,specs in groups|dictsort %}
|
2014-08-19 10:26:47 -04:00
|
|
|
{%- for spec in specs %}
|
2013-08-20 17:51:13 -04:00
|
|
|
%{{ group }} {{ spec }}
|
2014-08-19 10:26:47 -04:00
|
|
|
{%- endfor %}
|
2013-08-20 17:54:21 -04:00
|
|
|
{%- endfor %}
|
2013-08-20 17:32:58 -04:00
|
|
|
|
2018-08-13 15:33:05 -04:00
|
|
|
# Netgroup privilege specification
|
|
|
|
|
{%- for netgroup,specs in netgroups.items() %}
|
|
|
|
|
{%- for spec in specs %}
|
|
|
|
|
+{{ netgroup }} {{ spec }}
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
{%- endfor %}
|
|
|
|
|
|
2013-08-20 17:35:57 -04:00
|
|
|
{% if includedir %}
|
2014-12-12 08:57:35 -05:00
|
|
|
## Read drop-in files from /etc/sudoers.d
|
|
|
|
|
## (the '#' here does not indicate a comment)
|
|
|
|
|
#includedir {{ includedir }}
|
2013-08-20 17:32:58 -04:00
|
|
|
{% endif %}
|
