73d2d70dbb
It should be possible to not overwrite the main sudoers configuration file and only provide files to be included. This introduces a new Pillar variable to achieve that. If it's not set we default to the old behaviour of managing that file.
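# Example pillar for the sudoers formula. Every rule below is a placeholder:
# each one grants real privilege once applied, so trim users, groups and
# commands down to what the target hosts actually need.
sudoers:
  # By default the main sudoers file is managed by this formula (false to
  # skip). When false, the main file is left untouched and only the files to
  # be included are provided; leaving the key unset keeps the old behaviour
  # of managing the main file.
  # NOTE(review): with the main file unmanaged, the included files presumably
  # only take effect if that file already carries an include directive for
  # `includedir` - confirm on the target hosts.
  manage_main_config: true

  # Per-user rules, written in sudoers syntax: HOSTS=(RUNAS) [TAG:] COMMANDS
  users:
    johndoe:
      - 'ALL=(ALL) ALL'
      # NOPASSWD here is scoped to a single absolute command path run as
      # root; the script must not be writable by the user it is granted to.
      - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'

  # Per-group rules; they apply to every member of the group.
  groups:
    sudo:
      - 'ALL=(ALL) ALL'
      # Passwordless, but only as the unprivileged `nodejs` run-as user.
      - 'ALL=(nodejs) NOPASSWD: ALL'

  netgroups:
    sysadmins:
      - 'ALL=(ALL) ALL'

  defaults:
    # env_reset and secure_path limit how much of the caller's environment
    # and PATH reach the privileged command; keep both when adapting this.
    generic:
      - env_reset
      - mail_badpass
      - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    # Keys are user names or User_Alias names (ADMINS is defined under
    # `aliases` below).
    user_list:
      johndoe: '!requiretty'
      ADMINS: '!lecture'
    host_list:
      www1: 'log_year, logfile=/var/log/sudo.log'
    # noexec is sudo's option that stops a command from executing further
    # programs; here it is applied to the PROCESSES alias defined below,
    # which includes interactive tools such as top.
    command_list:
      PROCESSES: 'noexec'
    runas_list:
      root: '!set_logname'

  aliases:
    hosts:
      WEBSERVERS:
        - www1
        - www2
        - www3
    users:
      ADMINS:
        - millert
        - dowdy
        - mikef
    # Commands are listed by absolute path.
    commands:
      PROCESSES:
        - /usr/bin/nice
        - /bin/kill
        - /usr/bin/renice
        - /usr/bin/pkill
        - /usr/bin/top

  includedir: /etc/sudoers.d

  # Extra files to provide for inclusion. sudo skips files in an include
  # directory whose name contains a '.' or ends in '~', so avoid such names.
  # NOTE(review): entries given as a bare name (extra-file-2) are presumably
  # placed under `includedir`, unlike the absolute path of the first entry -
  # confirm against the formula's state file.
  included_files:
    /etc/sudoers.d/extra-file:
      users:
        foo:
          - 'ALL=(ALL) ALL'
    extra-file-2:
      groups:
        bargroup:
          # Passwordless, unrestricted root for every member of the group:
          # the broadest grant in this example. Prefer an explicit command
          # list and keep authentication on unless automation requires it.
          - 'ALL=(ALL) NOPASSWD: ALL'
    extra-file-3:
      netgroups:
        other_netgroup:
          - 'ALL=(ALL) ALL'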