Vitali Quiering
7 лет назад
1 измененных файлов: 41 добавлений и 3 удалений
+ 41
- 3
salt/files/master.d/f_defaults.conf
Просмотреть файл
| @@ -332,7 +332,24 @@ event_return_blacklist: | |||
| # This setting should be treated with care since it opens up execution | |||
| # capabilities to non root users. By default this capability is completely | |||
| # disabled. | |||
| {% if 'client_acl' in cfg_master -%} | |||
| {% if 'publisher_acl' in cfg_master -%} | |||
| {%- do default_keys.append('publisher_acl') %} | |||
| publisher_acl: | |||
| {%- for name, user in cfg_master['publisher_acl']|dictsort %} | |||
| {{ name}}: | |||
| {%- for command in user %} | |||
| - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %} | |||
| {%- endfor -%} | |||
| {%- endfor -%} | |||
| {% elif 'publisher_acl' in cfg_salt -%} | |||
| publisher_acl: | |||
| {%- for name, user in cfg_salt['publisher_acl']|dictsort %} | |||
| {{ name }}: | |||
| {%- for command in user %} | |||
| - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %} | |||
| {%- endfor -%} | |||
| {%- endfor -%} | |||
| {% elif 'client_acl' in cfg_master -%} | |||
| {%- do default_keys.append('client_acl') %} | |||
| client_acl: | |||
| {%- for name, user in cfg_master['client_acl']|dictsort %} | |||
| @@ -350,7 +367,7 @@ client_acl: | |||
| {%- endfor -%} | |||
| {%- endfor -%} | |||
| {% else -%} | |||
| #client_acl: | |||
| #publisher_acl: | |||
| # larry: | |||
| # - test.ping | |||
| # - network.* | |||
| @@ -361,7 +378,28 @@ client_acl: | |||
| # This example would blacklist all non sudo users, including root from | |||
| # running any commands. It would also blacklist any use of the "cmd" | |||
| # module. This is completely disabled by default. | |||
| {% if 'client_acl_blacklist' in cfg_master %} | |||
| {% if 'publisher_acl_blacklist' in cfg_master %} | |||
| {%- do default_keys.append('publisher_acl_blacklist') %} | |||
| publisher_acl_blacklist: | |||
| users: | |||
| {% for user in cfg_master['publisher_acl_blacklist'].get('users', []) %} | |||
| - {{ user }} | |||
| {% endfor %} | |||
| modules: | |||
| {% for mod in cfg_master['publisher_acl_blacklist'].get('modules', []) %} | |||
| - {{ mod }} | |||
| {% endfor %} | |||
| {% elif 'publisher_acl_blacklist' in cfg_salt %} | |||
| publisher_acl_blacklist: | |||
| users: | |||
| {% for user in cfg_salt['publisher_acl_blacklist'].get('users', []) %} | |||
| - {{ user }} | |||
| {% endfor %} | |||
| modules: | |||
| {% for mod in cfg_salt['publisher_acl_blacklist'].get('modules', []) %} | |||
| - {{ mod }} | |||
| {% endfor %} | |||
| {% elif 'client_acl_blacklist' in cfg_master %} | |||
| {%- do default_keys.append('client_acl_blacklist') %} | |||
| client_acl_blacklist: | |||
| users: | |||
Загрузка…