salt
/
users-formula
geforkt von ExternalMirrors/users-formula
Beobachten 1
Favorisieren 0
Fork 0
Code Releases 0 Aktivität
Saltstack Official Users Formula
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
146 Commits
2 Branches
Struktur: a0392693e3
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „a0392693e3“
${ noResults }
users-formula/users/sudo.sls

90 Zeilen
2.8KB
Originalformat Blame Verlauf 

  1. # -*- coding: utf-8 -*-

  2. # vim: ft=sls

  3. {##

  4.   Name: users/sudo.sls

  5.   Description:

  6.     This file sets up sudoers

  7. #}

  8. 

  9. {% from "users/map.jinja" import users_settings with context %}

  10. 

  11. # Ensure availability of bash

  12. users-bashpackage-group-dir:

  13.   pkg.installed:

  14.     - name: {{ users_settings.bash_package }}

  15.   group.present:

  16.     - name: sudo

  17.     - system: True

  18.   file.directory:

  19.     - name: {{ users_settings.sudoers_dir }}

  20. 

  21. users-sudo-package:

  22.   pkg.installed:

  23.     - name: {{ users_settings.sudo_package }}

  24.     - require:

  25.       - group: users_sudo-group

  26.       - file: {{ users_settings.sudoers_dir }} 

  27.   file.append:

  28.     - name: {{ users_settings.sudoers_file }} 

  29.     - text:

  30.       - Defaults   env_reset

  31.       - Defaults   secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

  32.       - '#includedir {{ users_settings.sudoers_dir }}'

  33. {% for name, user in users_settings.items() %}

  34.   {% if user.absent is not defined or not user.absent  or user != None  %}

  35.     {% if 'sudouser' in user and user['sudouser'] %}

  36. users-sudoer-{{ name }}:

  37.   file.managed:

  38.     - name: {{ users.sudoers_dir }}/{{ name }}

  39.     - user: root

  40.     - group: {{ users.root_group }}

  41.     - mode: '0440'

  42.       {% if 'sudo_rules' in user or 'sudo_defaults' in user %}

  43.         {% if 'sudo_rules' in user %}

  44.           {% for rule in user['sudo_rules'] %}

  45. "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":

  46.   cmd.run:

  47.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  48.     - stateful: True

  49.     - shell: {{ users.visudo_shell }}

  50.     - env:

  51.       # Specify the rule via an env var to avoid shell quoting issues.

  52.       - rule: "{{ name }} {{ rule }}"

  53.           {% endfor %}

  54.         {% endif %}

  55.         {% if 'sudo_defaults' in user %}

  56.           {% for entry in user['sudo_defaults'] %}

  57. "validate {{ name }} sudo Defaults {{ loop.index0 }} {{ name }} {{ entry }}":

  58.   cmd.run:

  59.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  60.     - stateful: True

  61.     - shell: {{ users.visudo_shell }}

  62.     - env:

  63.       # Specify the rule via an env var to avoid shell quoting issues.

  64.       - rule: "Defaults:{{ name }} {{ entry }}"

  65.           {% endfor %}

  66.         {% endif %}

  67. 

  68. users_{{ users.sudoers_dir }}/{{ name }}:

  69.   file.managed:

  70.     - name: {{ users.sudoers_dir }}/{{ name }}

  71.     - contents: |

  72.       {%- if 'sudo_defaults' in user %}

  73.       {%- for entry in user['sudo_defaults'] %}

  74.         Defaults:{{ name }} {{ entry }}

  75.       {%- endfor %}

  76.       {%- endif %}

  77.       {%- if 'sudo_rules' in user %}

  78.       {%- for rule in user['sudo_rules'] %}

  79.         {{ name }} {{ rule }}

  80.       {%- endfor %}

  81.       {%- endif %}

  82.   {% endif %}

  83.   {% else %}

  84. users_{{ users.sudoers_dir }}/{{ name }}:

  85.   file.absent:

  86.     - name: {{ users.sudoers_dir }}/{{ name }}

  87.     {% endif %}

  88.   {% endif %}

  89. {% endfor %}