1
0
Fork 0
mirror of synced 2024-12-13 09:15:44 -05:00
formula-sudoers/pillar.example
Sebastian Meyer 73d2d70dbb
Make management of the main sudoers config optional
It should be possible to not overwrite the main sudoers configuration
file and only provide files to be included. This introduces a new Pillar
variable to achieve that. If it's not set we default to the old
behaviour of managing that file.
2018-08-22 12:30:32 +02:00

60 lines
1.3 KiB
Text

sudoers:
# By default the main sudoers file is managed by this formula (False to skip)
manage_main_config: True
users:
johndoe:
- 'ALL=(ALL) ALL'
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
groups:
sudo:
- 'ALL=(ALL) ALL'
- 'ALL=(nodejs) NOPASSWD: ALL'
netgroups:
sysadmins:
- 'ALL=(ALL) ALL'
defaults:
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
user_list:
johndoe: '!requiretty'
ADMINS: '!lecture'
host_list:
www1: 'log_year, logfile=/var/log/sudo.log'
command_list:
PROCESSES: 'noexec'
runas_list:
root: '!set_logname'
aliases:
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
includedir: /etc/sudoers.d
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- 'ALL=(ALL) ALL'
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- 'ALL=(ALL) ALL'