commit
6e0dc536f5
23 changed files with 1089 additions and 34 deletions
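--- a/sudoers/defaults.yaml
+++ b/sudoers/defaults.yaml
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+sudoers:
+pkg: sudo
+manage_main_config: true
+configpath: /etc
+group: root
+execprefix: /usr/sbin
+includedir: /etc/sudoers.d
+included_files: {}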
@ -1,31 +1,35 @@
|
|||
{% from "sudoers/map.jinja" import sudoers with context %}
|
||||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=sls
|
||||
|
||||
{#- Get the `tplroot` from `tpldir` #}
|
||||
{%- set tplroot = tpldir.split('/')[0] %}
|
||||
{%- set sls_config_file = tplroot ~ '.config.file' %}
|
||||
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
|
||||
|
||||
include:
|
||||
- sudoers
|
||||
|
||||
{% do sudoers.update(pillar.get('sudoers', {})) %}
|
||||
{% set includedir = sudoers.get('includedir', '/etc/sudoers.d') %}
|
||||
{% set included_files = sudoers.get('included_files', {}) %}
|
||||
{% set included_files = sudoers.included_files %}
|
||||
{% for included_file, spec in included_files.items() -%}
|
||||
sudoers include {{ included_file }}:
|
||||
file.managed:
|
||||
{% if '/' in included_file %}
|
||||
- name: {{ included_file }}
|
||||
{% else %}
|
||||
- name: {{ includedir }}/{{ included_file }}
|
||||
- name: {{ sudoers.includedir }}/{{ included_file }}
|
||||
{% endif %}
|
||||
- user: root
|
||||
- group: {{ sudoers.get('group', 'root') }}
|
||||
- group: {{ sudoers.group }}
|
||||
- mode: 440
|
||||
- makedirs: True
|
||||
- template: jinja
|
||||
- source: salt://sudoers/files/sudoers
|
||||
- check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f
|
||||
- check_cmd: {{ sudoers.execprefix }}/visudo -c -f
|
||||
- context:
|
||||
included: True
|
||||
sudoers: {{ spec|json }}
|
||||
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
|
||||
{% if sudoers.manage_main_config %}
|
||||
- require:
|
||||
- file: {{ sudoers.get('configpath', '/etc') }}/sudoers
|
||||
- file: {{ sudoers.configpath }}/sudoers
|
||||
{% endif %}
|
||||
{% endfor %}
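Review bot: `sls_config_file` is assigned in the new header (`{%- set sls_config_file = tplroot ~ '.config.file' %}`) but nothing in this file reads it. The hunk starts at line 1 and appears to run to the end of the file, so the unused name is visible in full. The same line is added to the next state file (the `@ -1,19 +1,25 @` section), where the visible hunks do not use it either. I would drop the line in both files, or keep it with a Jinja comment that says what it is for.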
|
||||
|
|
|
@ -1,19 +1,25 @@
|
|||
{% from "sudoers/map.jinja" import sudoers with context %}
|
||||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=sls
|
||||
|
||||
{#- Get the `tplroot` from `tpldir` #}
|
||||
{%- set tplroot = tpldir.split('/')[0] %}
|
||||
{%- set sls_config_file = tplroot ~ '.config.file' %}
|
||||
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
|
||||
|
||||
sudo:
|
||||
pkg.installed:
|
||||
- name: {{ sudoers.pkg }}
|
||||
|
||||
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
|
||||
{% if sudoers.manage_main_config %}
|
||||
|
||||
{{ sudoers.get('configpath', '/etc') }}/sudoers:
|
||||
{{ sudoers.configpath }}/sudoers:
|
||||
file.managed:
|
||||
- user: root
|
||||
- group: {{ sudoers.get('group', 'root') }}
|
||||
- group: {{ sudoers.group }}
|
||||
- mode: 440
|
||||
- template: jinja
|
||||
- source: salt://sudoers/files/sudoers
|
||||
- check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f
|
||||
- check_cmd: {{ sudoers.execprefix }}/visudo -c -f
|
||||
- context:
|
||||
included: False
|
||||
- require:
|
||||
|
@ -21,7 +27,7 @@ sudo:
|
|||
|
||||
{% else %}
|
||||
|
||||
{{ sudoers.get('configpath', '/etc') }}/sudoers:
|
||||
{{ sudoers.configpath }}/sudoers:
|
||||
test.show_notification:
|
||||
- name: Skipping management of main sudoers file
|
||||
- text: Pillar manage_main_config is False
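Review bot: The notification text `Pillar manage_main_config is False` no longer matches the condition it reports on. The guard is now `{% if sudoers.manage_main_config %}`, which reads the merged map imported from `map.jinja` rather than the pillar directly, so the flag may have been set by `defaults.yaml` or another merged source. I would reword it, e.g. `- text: sudoers.manage_main_config is False`, so that someone auditing why the main sudoers file is unmanaged looks in the right place. The `{% if %}` block this `{% else %}` belongs to opens in the previous hunk, and its `{% endif %}` lies outside this one.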
|
||||
|
|
|
@ -1,17 +1,55 @@
|
|||
{% set sudoers = salt['grains.filter_by']({
|
||||
'Debian': {'pkg': 'sudo'},
|
||||
'Ubuntu': {'pkg': 'sudo'},
|
||||
'CentOS': {'pkg': 'sudo'},
|
||||
'Fedora': {'pkg': 'sudo'},
|
||||
'RedHat': {'pkg': 'sudo'},
|
||||
'Amazon': {'pkg': 'sudo'},
|
||||
'Gentoo': {'pkg': 'app-admin/sudo'},
|
||||
'Mint': {'pkg': 'sudo'},
|
||||
'Arch': {'pkg': 'sudo'},
|
||||
'Suse': {'pkg': 'sudo'},
|
||||
'FreeBSD': {'pkg': 'sudo',
|
||||
'configpath': '/usr/local/etc',
|
||||
'includedir': '/usr/local/etc/sudoers.d',
|
||||
'execprefix': '/usr/local/sbin',
|
||||
'group': 'wheel'},
|
||||
}, merge=salt['pillar.get']('sudoers:lookup')) %}
|
||||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=jinja
|
||||
|
||||
{#- Get the `tplroot` from `tpldir` #}
|
||||
{%- set tplroot = tpldir.split('/')[0] %}
|
||||
{#- Start imports as #}
|
||||
{%- import_yaml tplroot ~ "/defaults.yaml" as default_settings %}
|
||||
{%- import_yaml tplroot ~ "/osarchmap.yaml" as osarchmap %}
|
||||
{%- import_yaml tplroot ~ "/osfamilymap.yaml" as osfamilymap %}
|
||||
{%- import_yaml tplroot ~ "/osmap.yaml" as osmap %}
|
||||
{%- import_yaml tplroot ~ "/osfingermap.yaml" as osfingermap %}
|
||||
|
||||
{#- Retrieve the config dict only once #}
|
||||
{%- set _config = salt['config.get'](tplroot, default={}) %}
|
||||
|
||||
{%- set defaults = salt['grains.filter_by'](
|
||||
default_settings,
|
||||
default=tplroot,
|
||||
merge=salt['grains.filter_by'](
|
||||
osarchmap,
|
||||
grain='osarch',
|
||||
merge=salt['grains.filter_by'](
|
||||
osfamilymap,
|
||||
grain='os_family',
|
||||
merge=salt['grains.filter_by'](
|
||||
osmap,
|
||||
grain='os',
|
||||
merge=salt['grains.filter_by'](
|
||||
osfingermap,
|
||||
grain='osfinger',
|
||||
merge=salt['grains.filter_by'](
|
||||
_config,
|
||||
default='lookup'
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
%}
|
||||
|
||||
{%- set config = salt['grains.filter_by'](
|
||||
{'defaults': defaults},
|
||||
default='defaults',
|
||||
merge=_config
|
||||
)
|
||||
%}
|
||||
|
||||
{%- set sudoers = config %}
|
||||
|
||||
{#- Post-processing for specific non-YAML customisations #}
|
||||
{%- if grains.os == 'MacOS' %}
|
||||
{%- set macos_group = salt['cmd.run']("stat -f '%Sg' /dev/console") %}
|
||||
{%- do sudoers.update({'rootgroup': macos_group}) %}
|
||||
{%- endif %}
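Review bot: `salt['config.get'](tplroot, default={})` changes where sudoers policy may come from, and the file does not say so. The old map merged only `salt['pillar.get']('sudoers:lookup')`; as documented, `config.get` also looks in the minion configuration and grains and, without a `merge` argument, returns the first match, so a `sudoers` key set locally on a minion would be used in place of the pillar data when the sudoers files are rendered. I would record that next to the call, e.g. `{#- config.get searches minion config, grains, pillar, then master config; keep sudoers policy in pillar only #}`, and have it checked that no minion carries a local `sudoers` key. Separately, the MacOS post-processing stores its result under `rootgroup`, while the states on this page read `sudoers.group`, so the looked-up group appears to be unused; `{%- do sudoers.update({'group': macos_group}) %}` would be needed if the intent is to set the file group.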
|
||||
|
|
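--- a/sudoers/osarchmap.yaml
+++ b/sudoers/osarchmap.yaml
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+#
+# Setup variables using grains['osarch'] based logic.
+# You just need to add the key:values for an `osarch` that differ
+# from `defaults.yaml`.
+# Only add an `osarch` which is/will be supported by the formula.
+#
+# If you do not need to provide defaults via the `osarch` grain,
+# you will need to provide at least an empty dict in this file, e.g.
+# osarch: {}
+---
+amd64:
+arch: amd64
+
+x86_64:
+arch: amd64
+
+386:
+arch: 386
+
+arm64:
+arch: arm64
+
+armv6l:
+arch: armv6l
+
+armv7l:
+arch: armv7l
+
+ppc64le:
+arch: ppc64le
+
+s390x:
+arch: s390x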
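--- a/sudoers/osfamilymap.yaml
+++ b/sudoers/osfamilymap.yaml
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+#
+# Setup variables using grains['os_family'] based logic.
+# You just need to add the key:values for an `os_family` that differ
+# from `defaults.yaml` + `osarch.yaml`.
+# Only add an `os_family` which is/will be supported by the formula.
+#
+# If you do not need to provide defaults via the `os_family` grain,
+# you will need to provide at least an empty dict in this file, e.g.
+# osfamilymap: {}
+---
+Debian: {}
+
+RedHat: {}
+
+Suse: {}
+
+Gentoo:
+pkg: app-admin/sudo
+
+Arch: {}
+
+Alpine: {}
+
+FreeBSD:
+configpath: /usr/local/etc
+includedir: /usr/local/etc/sudoers.d
+execprefix: /usr/local/sbin
+group: wheel
+
+OpenBSD: {}
+
+Solaris: {}
+
+Windows: {}
+
+MacOS: {}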
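--- a/sudoers/osfingermap.yaml
+++ b/sudoers/osfingermap.yaml
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+#
+# Setup variables using grains['osfinger'] based logic.
+# You just need to add the key:values for an `osfinger` that differ
+# from `defaults.yaml` + `osarch.yaml` + `os_family.yaml` + `osmap.yaml`.
+# Only add an `osfinger` which is/will be supported by the formula.
+#
+# If you do not need to provide defaults via the `os_finger` grain,
+# you will need to provide at least an empty dict in this file, e.g.
+# osfingermap: {}
+---
+# os: Debian
+osfingermap: {}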
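--- a/sudoers/osmap.yaml
+++ b/sudoers/osmap.yaml
@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+#
+# Setup variables using grains['os'] based logic.
+# You just need to add the key:values for an `os` that differ
+# from `defaults.yaml` + `osarch.yaml` + `os_family.yaml`.
+# Only add an `os` which is/will be supported by the formula.
+#
+# If you do not need to provide defaults via the `os` grain,
+# you will need to provide at least an empty dict in this file, e.g.
+# osmap: {}
+---
+osmap: {}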
@ -8,6 +8,6 @@ control '`map.jinja` YAML dump' do
|
|||
|
||||
describe file('/tmp/salt_mapdata_dump.yaml') do
|
||||
it { should exist }
|
||||
its('content') { should include mapdata_dump }
|
||||
its('content') { should eq mapdata_dump }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Amazon Linux AMI-2018
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Amazon Linux-2
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Arch
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# CentOS-6
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# CentOS Linux-7
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# CentOS Linux-8
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Debian-10
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Debian-9
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Fedora-31
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Fedora-32
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Leap-15
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Ubuntu-16.04
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Ubuntu-18.04
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|
|
@ -2,4 +2,68 @@
|
|||
# Ubuntu-20.04
|
||||
---
|
||||
sudoers:
|
||||
aliases:
|
||||
commands:
|
||||
PROCESSES:
|
||||
- /usr/bin/nice
|
||||
- /bin/kill
|
||||
- /usr/bin/renice
|
||||
- /usr/bin/pkill
|
||||
- /usr/bin/top
|
||||
hosts:
|
||||
WEBSERVERS:
|
||||
- www1
|
||||
- www2
|
||||
- www3
|
||||
users:
|
||||
ADMINS:
|
||||
- millert
|
||||
- dowdy
|
||||
- mikef
|
||||
arch: amd64
|
||||
configpath: /etc
|
||||
defaults:
|
||||
command_list:
|
||||
PROCESSES: noexec
|
||||
generic:
|
||||
- env_reset
|
||||
- mail_badpass
|
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
host_list:
|
||||
www1: log_year, logfile=/var/log/sudo.log
|
||||
runas_list:
|
||||
root: '!set_logname'
|
||||
user_list:
|
||||
ADMINS: '!lecture'
|
||||
johndoe: '!requiretty'
|
||||
execprefix: /usr/sbin
|
||||
group: root
|
||||
groups:
|
||||
sudo:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(nodejs) NOPASSWD: ALL'
|
||||
included_files:
|
||||
/etc/sudoers.d/extra-file:
|
||||
users:
|
||||
foo:
|
||||
- ALL=(ALL) ALL
|
||||
extra-file-2:
|
||||
groups:
|
||||
bargroup:
|
||||
- 'ALL=(ALL) NOPASSWD: ALL'
|
||||
extra-file-3:
|
||||
netgroups:
|
||||
other_netgroup:
|
||||
- ALL=(ALL) ALL
|
||||
includedir: /etc/sudoers.d
|
||||
manage_main_config: true
|
||||
netgroups:
|
||||
sysadmins:
|
||||
- ALL=(ALL) ALL
|
||||
pkg: sudo
|
||||
users:
|
||||
johndoe:
|
||||
- ALL=(ALL) ALL
|
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
|
||||
kitchen:
|
||||
- 'ALL=(root) NOPASSWD: ALL'
|
||||
|
|