From 461107d8db8daa22ade2e0e792804023c7e3911d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Perell=C3=B3=20Mar=C3=ADn?= Date: Sun, 9 Feb 2014 18:32:22 +0100 Subject: [PATCH 1/4] Added sudoers.included formula to manage included sudoers files --- README.rst | 5 ++++- pillar.example | 6 ++++++ sudoers/files/sudoers | 12 +++++++----- sudoers/included.sls | 19 +++++++++++++++++++ sudoers/init.sls | 2 ++ 5 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 sudoers/included.sls diff --git a/README.rst b/README.rst index 27d508a..7e5f0c8 100644 --- a/README.rst +++ b/README.rst @@ -1,7 +1,7 @@ sudoers ======= -Set up the sudoers file +Set up sudo and the sudoers included files. .. note:: @@ -13,3 +13,6 @@ Available states ``sudoers`` Set up the sudoers file + +``sudoers.included`` + Set up an additional sudoers included file diff --git a/pillar.example b/pillar.example index 89c5389..77a5194 100644 --- a/pillar.example +++ b/pillar.example @@ -26,3 +26,9 @@ sudoers: - /usr/bin/pkill - /usr/bin/top includedir: /etc/sudoers.d + included_files: + /etc/sudoers.d/extra-file: + users: + foo: 'ALL=(ALL) ALL' + groups: + bargroup: 'ALL=(ALL) NOPASSWD: ALL' diff --git a/sudoers/files/sudoers b/sudoers/files/sudoers index 0fbe7f8..5687727 100644 --- a/sudoers/files/sudoers +++ b/sudoers/files/sudoers @@ -1,4 +1,9 @@ -{% set sudoers = pillar.get('sudoers', {}) %} +{%- if (not included) %} + {%- set sudoers = pillar.get('sudoers', {}) %} + {%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%} +{%- else %} + {%- set includedir = sudoers.get('includedir', None) %} +{%- endif %} {%- set defaults = sudoers.get('defaults', []) %} {%- set aliases = sudoers.get('aliases', {}) %} {%- set host_aliases = aliases.get('hosts', {}) %} 
@@ -6,8 +11,7 @@ {%- set command_aliases = aliases.get('commands', {}) %} {%- set runas_aliases = aliases.get('runas', {}) %} {%- set users = sudoers.get('users', {}) %} -{%- set groups = sudoers.get('groups', {}) %} -{%- set includedir = sudoers.get('includedir', None) -%} +{%- set groups = sudoers.get('groups', {}) -%} # # This file is managed by salt # @@ -47,6 +51,4 @@ Runas_Alias {{ name }} = {{ ",".join(runas) }} {% if includedir %} #includedir {{ includedir }} -{% else %} -#includedir /etc/sudoers.d {% endif %} diff --git a/sudoers/included.sls b/sudoers/included.sls new file mode 100644 index 0000000..ee3c1e1 --- /dev/null +++ b/sudoers/included.sls @@ -0,0 +1,19 @@ +include: + - sudoers + +{% set sudoers = pillar.get('sudoers', {}) %} +{% set included_files = sudoers.get('included_files', []) %} +{% for included_file,spec in included_files.items() -%} +{{ included_file }}: + file.managed: + - user: root + - group: root + - mode: 440 + - template: jinja + - source: salt://sudoers/files/sudoers + - context: + included: True + sudoers: {{ spec }} + - require: + - file: /etc/sudoers +{% endfor %} diff --git a/sudoers/init.sls b/sudoers/init.sls index 09f10e3..34fa7e8 100644 --- a/sudoers/init.sls +++ b/sudoers/init.sls @@ -11,5 +11,7 @@ sudo: - mode: 440 - template: jinja - source: salt://sudoers/files/sudoers + - context: + included: False - require: - pkg: sudo From e708ea4c8ded22399f6f53544a5e813cbf988e01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Perell=C3=B3=20Mar=C3=ADn?= Date: Sun, 9 Feb 2014 18:32:46 +0100 Subject: [PATCH 2/4] Fixed and updated the LICENSE file --- LICENSE | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/LICENSE b/LICENSE index 976e9d1..1f7b1c4 100644 --- a/LICENSE +++ b/LICENSE 
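Review bot: The new `file.managed` state in sudoers/included.sls writes each pillar-defined file into the include directory without a syntax check, so one malformed rule reaches disk and sudo may then refuse to run for every user on the minion until the file is repaired out of band. Where the Salt release in use supports it, add `- check_cmd: /usr/sbin/visudo -c -f` to the state (adjusting the visudo path per platform); the managed file in sudoers/init.sls, presumably /etc/sudoers, would benefit from the same line. Separately, `sudoers.get('included_files', [])` falls back to a list, which has no `.items()`, so rendering fails when the pillar omits the key; the fallback should be `{}`. `sudoers: {{ spec }}` also depends on the Python repr of the dict happening to parse as YAML, and `sudoers: {{ spec|json }}` would be the sturdier form.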
@@ -1,15 +1,14 @@
-epel
-====
+Copyright (c) 2013 Kenneth Wilke
+Copyright (c) 2014 Carlos Perelló Marín
-Install the EPEL RPM and GPG key on RHEL 5/6 or CentOS 5/6.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
-.. note::
+ http://www.apache.org/licenses/LICENSE-2.0
- See the full `Salt Formulas installation and usage instructions
- `_.
-
-Available states
-----------------
-
-``epel``
- Installs the GPG key and EPEL RPM package for the current OS.
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
From 642a93d7df77199d17560fa65bab64038e096771 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Perell=C3=B3=20Mar=C3=ADn?=
Date: Sun, 9 Feb 2014 18:34:27 +0100
Subject: [PATCH 3/4] Improved default values for Debian based distributions to match the distribution default values
---
 sudoers/files/sudoers | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/sudoers/files/sudoers b/sudoers/files/sudoers
index 5687727..2c6c2e0 100644
--- a/sudoers/files/sudoers
+++ b/sudoers/files/sudoers
@@ -1,17 +1,30 @@
 {%- if (not included) %}
 {%- set sudoers = pillar.get('sudoers', {}) %}
+ {%- if grains['os_family'] == 'Debian' %}
+ {%- set defaults = sudoers.get('defaults', [
+ 'env_reset',
+ 'mail_badpass',
+ 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
+ ]) %}
+ {%- set users = sudoers.get('users', {'root': 'ALL=(ALL:ALL) ALL'}) %}
+ {%- set groups = sudoers.get('groups', {'sudo': 'ALL=(ALL:ALL) ALL'}) %}
+ {%- else %}
+ {%- set defaults = sudoers.get('defaults', []) %}
+ {%- set users = sudoers.get('users', {}) %}
+ {%- set groups = sudoers.get('groups', {}) %}
+ {%- endif %}
 {%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%}
 {%- else %}
+ {%- set defaults = sudoers.get('defaults', []) %}
+ {%- set users = sudoers.get('users', {}) %}
+ {%- set groups = sudoers.get('groups', {}) %}
 {%- set includedir = sudoers.get('includedir', None) %}
 {%- endif %}
-{%- set defaults = sudoers.get('defaults', []) %}
 {%- set aliases = sudoers.get('aliases', {}) %}
 {%- set host_aliases = aliases.get('hosts', {}) %}
 {%- set user_aliases = aliases.get('users', {}) %}
 {%- set command_aliases = aliases.get('commands', {}) %}
-{%- set runas_aliases = aliases.get('runas', {}) %}
-{%- set users = sudoers.get('users', {}) %}
-{%- set groups = sudoers.get('groups', {}) -%}
+{%- set runas_aliases = aliases.get('runas', {}) -%}
 #
 # This file is managed by salt
 #
From 1eb65dec29ce8c6c97904feda27be8bc2ea73228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Perell=C3=B3=20Mar=C3=ADn?=
Date: Sun, 9 Feb 2014 19:06:18 +0100
Subject: [PATCH 4/4] Applied review comments
---
 AUTHORS | 2 ++
 LICENSE | 3 +--
 2 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 AUTHORS
diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 0000000..83eb17e
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,2 @@
+Kenneth Wilke
+Carlos Perelló Marín
diff --git a/LICENSE b/LICENSE
index 1f7b1c4..d108df9 100644
--- a/LICENSE
+++ b/LICENSE
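Review bot: In the Debian branch of sudoers/files/sudoers (PATCH 3/4), `sudoers.get('groups', {'sudo': 'ALL=(ALL:ALL) ALL'})` makes an unrestricted rule for the `sudo` group the fallback, so a minion whose pillar has no `groups` key would gain that grant on the next run without it appearing anywhere in pillar; how `groups` is rendered lies outside the hunk, so this assumes the usual `%group` line. The fallbacks are also all-or-nothing: a pillar that sets `defaults` to a single option replaces the whole list, and `env_reset`, `mail_badpass` and `secure_path` are then no longer written to the file. Both behaviours deserve a template comment such as `{#- Debian fallbacks apply only when the pillar key is absent; a key that is present replaces them entirely -#}` and a matching line in README.rst and pillar.example, so operators know to audit `sudo` group membership and to restate the hardening defaults when they override.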
@@ -1,5 +1,4 @@
-Copyright (c) 2013 Kenneth Wilke
-Copyright (c) 2014 Carlos Perelló Marín
+Copyright (c) 2013-2014 Salt Stack Formulas
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.