1
0
Fork 0
mirror of synced 2024-12-21 05:31:09 -05:00

Merge pull request #44 from 9numbernine9/feature/add-netgroup-support

Add support for netgroups
This commit is contained in:
Niels Abspoel 2018-08-14 14:33:52 +02:00 committed by GitHub
commit 76a3db1b3b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 0 deletions

View file

@ -7,6 +7,9 @@ sudoers:
sudo:
- 'ALL=(ALL) ALL'
- 'ALL=(nodejs) NOPASSWD: ALL'
netgroups:
sysadmins:
- 'ALL=(ALL) ALL'
defaults:
generic:
- env_reset
@ -49,3 +52,7 @@ sudoers:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- 'ALL=(ALL) ALL'

View file

@ -13,6 +13,7 @@
{%- set runas_list_defaults = defaults.get('runas_list', {}) %}
{%- set users = sudoers.get('users', {'root': ['ALL=(ALL:ALL) ALL']}) %}
{%- set groups = sudoers.get('groups', {'sudo': ['ALL=(ALL:ALL) ALL']}) %}
{%- set netgroups = sudoers.get('netgroups', {}) %}
{%- else %}
{%- set defaults = sudoers.get('defaults', {}) %}
{%- set generic_defaults = defaults.get('generic', []) %}
@ -22,6 +23,7 @@
{%- set runas_list_defaults = defaults.get('runas_list', {}) %}
{%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %}
{%- set netgroups = sudoers.get('netgroups', {}) %}
{%- endif %}
{%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%}
{%- else %}
@ -33,6 +35,7 @@
{%- set runas_list_defaults = defaults.get('runas_list', {}) %}
{%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %}
{%- set netgroups = sudoers.get('netgroups', {}) %}
{%- set includedir = sudoers.get('includedir', None) %}
{%- endif %}
{%- set aliases = sudoers.get('aliases', {}) %}
@ -95,6 +98,13 @@ Runas_Alias {{ name }} = {{ ",".join(runas) }}
{%- endfor %}
{%- endfor %}
# Netgroup privilege specification
{%- for netgroup,specs in netgroups.items() %}
{%- for spec in specs %}
+{{ netgroup }} {{ spec }}
{%- endfor %}
{%- endfor %}
{% if includedir %}
## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)