1
0
Fork 0
mirror of synced 2024-11-04 16:38:58 -05:00
formula-sudoers/pillar.example

71 lines
1.8 KiB
YAML

# -*- coding: utf-8 -*-
# vim: ft=yaml
---
sudoers:
# By default the main sudoers file is managed by this formula (False to skip)
manage_main_config: true
# By default the included directory is not purged from unwanted files
purge_includedir: false
users:
johndoe:
- 'ALL=(ALL) ALL'
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
groups:
sudo:
- 'ALL=(ALL) ALL'
- 'ALL=(nodejs) NOPASSWD: ALL'
netgroups:
sysadmins:
- 'ALL=(ALL) ALL'
defaults:
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
user_list:
johndoe: '!requiretty'
ADMINS: '!lecture'
host_list:
www1: 'log_year, logfile=/var/log/sudo.log'
command_list:
PROCESSES: 'noexec'
runas_list:
root: '!set_logname'
aliases:
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
includedir: /etc/sudoers.d
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- 'ALL=(ALL) ALL'
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- 'ALL=(ALL) ALL'
# ordering is important. The sudoers manpage says when multiple
# entries match, the last match is used. However, if we do not
# manage the main config, our included files may not match last.
# To guarantee included files match last, set 'true' below to append
# each '#include <includefile>' to sudoers file.
append_included_files_to_endof_main_config: true