1
0
Fork 0
mirror of synced 2024-11-21 16:35:33 -05:00

refactor: change pillar calls

This commit is contained in:
Eric Veiras Galisson 2020-08-24 17:26:54 +02:00
parent ee173b0041
commit d5002c3c25
18 changed files with 929 additions and 17 deletions

View file

@ -3,3 +3,9 @@
--- ---
sudoers: sudoers:
pkg: sudo pkg: sudo
manage_main_config: true
configpath: /etc
group: root
execprefix: /usr/sbin
includedir: /etc/sudoers.d
included_files: {}

View file

@ -1,31 +1,35 @@
{% from "sudoers/map.jinja" import sudoers with context %} # -*- coding: utf-8 -*-
# vim: ft=sls
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_config_file = tplroot ~ '.config.file' %}
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
include: include:
- sudoers - sudoers
{% do sudoers.update(pillar.get('sudoers', {})) %} {% set included_files = sudoers.included_files %}
{% set includedir = sudoers.get('includedir', '/etc/sudoers.d') %}
{% set included_files = sudoers.get('included_files', {}) %}
{% for included_file, spec in included_files.items() -%} {% for included_file, spec in included_files.items() -%}
sudoers include {{ included_file }}: sudoers include {{ included_file }}:
file.managed: file.managed:
{% if '/' in included_file %} {% if '/' in included_file %}
- name: {{ included_file }} - name: {{ included_file }}
{% else %} {% else %}
- name: {{ includedir }}/{{ included_file }} - name: {{ sudoers.includedir }}/{{ included_file }}
{% endif %} {% endif %}
- user: root - user: root
- group: {{ sudoers.get('group', 'root') }} - group: {{ sudoers.group }}
- mode: 440 - mode: 440
- makedirs: True - makedirs: True
- template: jinja - template: jinja
- source: salt://sudoers/files/sudoers - source: salt://sudoers/files/sudoers
- check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f - check_cmd: {{ sudoers.execprefix }}/visudo -c -f
- context: - context:
included: True included: True
sudoers: {{ spec|json }} sudoers: {{ spec|json }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %} {% if sudoers.manage_main_config %}
- require: - require:
- file: {{ sudoers.get('configpath', '/etc') }}/sudoers - file: {{ sudoers.configpath }}/sudoers
{% endif %} {% endif %}
{% endfor %} {% endfor %}

View file

@ -1,19 +1,25 @@
{% from "sudoers/map.jinja" import sudoers with context %} # -*- coding: utf-8 -*-
# vim: ft=sls
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_config_file = tplroot ~ '.config.file' %}
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
sudo: sudo:
pkg.installed: pkg.installed:
- name: {{ sudoers.pkg }} - name: {{ sudoers.pkg }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %} {% if sudoers.manage_main_config %}
{{ sudoers.get('configpath', '/etc') }}/sudoers: {{ sudoers.configpath }}/sudoers:
file.managed: file.managed:
- user: root - user: root
- group: {{ sudoers.get('group', 'root') }} - group: {{ sudoers.group }}
- mode: 440 - mode: 440
- template: jinja - template: jinja
- source: salt://sudoers/files/sudoers - source: salt://sudoers/files/sudoers
- check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f - check_cmd: {{ sudoers.execprefix }}/visudo -c -f
- context: - context:
included: False included: False
- require: - require:
@ -21,7 +27,7 @@ sudo:
{% else %} {% else %}
{{ sudoers.get('configpath', '/etc') }}/sudoers: {{ sudoers.configpath }}/sudoers:
test.show_notification: test.show_notification:
- name: Skipping management of main sudoers file - name: Skipping management of main sudoers file
- text: Pillar manage_main_config is False - text: Pillar manage_main_config is False

View file

@ -8,6 +8,6 @@ control '`map.jinja` YAML dump' do
describe file('/tmp/salt_mapdata_dump.yaml') do describe file('/tmp/salt_mapdata_dump.yaml') do
it { should exist } it { should exist }
its('content') { should include mapdata_dump } its('content') { should eq mapdata_dump }
end end
end end

View file

@ -2,4 +2,68 @@
# Amazon Linux AMI-2018 # Amazon Linux AMI-2018
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Amazon Linux-2 # Amazon Linux-2
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Arch # Arch
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# CentOS-6 # CentOS-6
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# CentOS Linux-7 # CentOS Linux-7
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# CentOS Linux-8 # CentOS Linux-8
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Debian-10 # Debian-10
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Debian-9 # Debian-9
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Fedora-31 # Fedora-31
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Fedora-32 # Fedora-32
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Leap-15 # Leap-15
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Ubuntu-16.04 # Ubuntu-16.04
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Ubuntu-18.04 # Ubuntu-18.04
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,4 +2,68 @@
# Ubuntu-20.04 # Ubuntu-20.04
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'