From fae6d2bff14ab38266f2aebcebe00b5eceaa05ce Mon Sep 17 00:00:00 2001
From: Eldo Varghese <evarghese@plos.org>
Date: Wed, 7 Mar 2018 16:38:01 -0800
Subject: [PATCH] ITI-3263 added noexec

---
 sudoers/map.jinja | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sudoers/map.jinja b/sudoers/map.jinja
index cd97539..8446515 100644
--- a/sudoers/map.jinja
+++ b/sudoers/map.jinja
@@ -16,10 +16,10 @@
 
 # our plos active directory core groups sudoers permissions, filtered by environment
 {% set ad_group_maps = salt['grains.filter_by']({
-    'default': { 'default': 'ALL = (root) NOPASSWD: SUPPORT' },
+    'default': { 'default': 'ALL = (root) NOEXEC:NOPASSWD: SUPPORT' },
     'vagrant': { 'default': 'ALL = (ALL:ALL) NOPASSWD: ALL' },
     'dev':     { 'default': 'ALL = (ALL:ALL) NOPASSWD: ALL' },
-    'qa':      { 'default': 'ALL = (root) NOPASSWD: SUPPORT',
+    'qa':      { 'default': 'ALL = (root) NOEXEC:NOPASSWD: SUPPORT',
                  'plosqa': 'ALL = (root) NOPASSWD: ALL' },
     },
     grain='environment',