瀏覽代碼

better sudoers support & default gid

add support for sudouser being False.
change to adding sudoers config to /etc/sudoers.d/<user>
adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
tags/v0.45.0
Shawn Butts 11 年之前
父節點
當前提交
f25cec613a
共有 1 個檔案被更改,包括 22 行新增8 行删除
  1. +22
    -8
      users/init.sls

+ 22
- 8
users/init.sls 查看文件

@@ -25,6 +25,7 @@ include:
- group: {{ name }}
group.present:
- name: {{ name }}
- gid: {{ user['uid'] }}
user.present:
- name: {{ name }}
- home: {{ home }}
@@ -101,15 +102,25 @@ ssh_auth_{{ name }}_{{ loop.index0 }}:
{% endfor %}
{% endif %}

{% if 'sudouser' in user %}
sudoer-{{ name }}:
file.append:
- name: /etc/sudoers
- text:
- "{{ name }} ALL=(ALL) NOPASSWD: ALL"
- require:
- file: sudoer-defaults

{% if 'sudouser' in user and user['sudouser'] %}
sudoer-{{ name }}:
file.managed:
- name: /etc/sudoers.d/{{ name }}
- user: root
- group: root
- mode: '0440'
/etc/sudoers.d/{{ name }}:
file.append:
- text:
- "{{ name }} ALL=(ALL) NOPASSWD: ALL"
- require:
- file: sudoer-defaults
- file: sudoer-{{ name }}
{% else %}
/etc/sudoers.d/{{ name }}:
file.absent:
- name: /etc/sudoers.d/{{ name }}
{% endif %}

{% endfor %}
@@ -117,4 +128,7 @@ sudoer-{{ name }}:
{% for user in pillar.get('absent_users', []) %}
{{ user }}:
user.absent
/etc/sudoers.d/{{ user }}:
file.absent:
- name: /etc/sudoers.d/{{ user }}
{% endfor %}

Loading…
取消
儲存