From d1767ba253c27af4850e72539b383c23ee0144cb Mon Sep 17 00:00:00 2001
From: bellaweo <mmeyer@plos.org>
Date: Wed, 15 Feb 2017 14:51:53 -0800
Subject: [PATCH] non vagrant/dev environments can only run commands as root

---
 sudoers/map.jinja | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sudoers/map.jinja b/sudoers/map.jinja
index 96b25fc..cd97539 100644
--- a/sudoers/map.jinja
+++ b/sudoers/map.jinja
@@ -16,11 +16,11 @@
 
 # our plos active directory core groups sudoers permissions, filtered by environment
 {% set ad_group_maps = salt['grains.filter_by']({
-    'default': { 'default': 'ALL = (ALL:ALL) NOPASSWD: SUPPORT' },
+    'default': { 'default': 'ALL = (root) NOPASSWD: SUPPORT' },
     'vagrant': { 'default': 'ALL = (ALL:ALL) NOPASSWD: ALL' },
     'dev':     { 'default': 'ALL = (ALL:ALL) NOPASSWD: ALL' },
-    'qa':      { 'default': 'ALL = (ALL:ALL) NOPASSWD: SUPPORT',
-                 'plosqa': 'ALL = (ALL:ALL) NOPASSWD: ALL' },
+    'qa':      { 'default': 'ALL = (root) NOPASSWD: SUPPORT',
+                 'plosqa': 'ALL = (root) NOPASSWD: ALL' },
     },
     grain='environment',
     merge=salt['pillar.get']('group_maps:lookup', None))