[v10] Prefix sudoers lines with the user that is logging in instead o…
…f requiring a trait be templated. (#14038)

Prefix sudoers lines with user being logged in as
Alex McGrath authored Jul 1, 2022
1 parent e873191 commit 354e97e
Showing 3 changed files with 10 additions and 6 deletions.
2 changes: 1 addition & 1 deletion integration/hostuser_test.go
@@ -195,7 +195,7 @@ func TestRootHostUsers(t *testing.T) {
})
_, closer, err := users.CreateUser(testuser,
&services.HostUsersInfo{
Sudoers: []string{"root ALL=(ALL) ALL"},
Sudoers: []string{"ALL=(ALL) ALL"},
})
require.NoError(t, err)
_, err = os.Stat(sudoersPath(testuser, uuid))
8 changes: 6 additions & 2 deletions lib/srv/usermgmt.go
@@ -19,6 +19,7 @@ package srv
import (
"context"
"errors"
"fmt"
"io"
"os/user"
"strings"
@@ -218,8 +219,11 @@ func (u *HostUserManagement) CreateUser(name string, ui *services.HostUsersInfo)
backend: u.backend,
}
if len(ui.Sudoers) != 0 {
contents := []byte(strings.Join(ui.Sudoers, "\n") + "\n")
err := u.backend.WriteSudoersFile(name, contents)
var sudoers strings.Builder
for _, entry := range ui.Sudoers {
sudoers.WriteString(fmt.Sprintf("%s %s\n", name, entry))
}
err := u.backend.WriteSudoersFile(name, []byte(sudoers.String()))
if err != nil {
return tempUser, closer, trace.Wrap(err)
}
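Review bot: In the loop added to `CreateUser`, each `entry` is written after `name` without checking that it is a single line, so an entry containing a newline would produce a second sudoers line that does not start with `name` and is therefore not scoped to the user logging in. The origin of `ui.Sudoers` is not visible in this hunk; if any part of an entry can be templated from external identity data, reject such entries before writing, e.g. `if strings.ContainsAny(entry, "\r\n") { return tempUser, closer, trace.BadParameter("sudoers entry must be a single line") }`. Whatever validation `WriteSudoersFile` performs is outside the hunk and, if it is only a syntax check, would presumably accept the extra line. As a style point, `fmt.Fprintf(&sudoers, "%s %s\n", name, entry)` avoids the intermediate string. The body of `CreateUser` starts and ends outside the hunk.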
6 changes: 3 additions & 3 deletions lib/srv/usermgmt_test.go
@@ -112,7 +112,7 @@ func (tm *testHostUserBackend) RemoveSudoersFile(user string) error {

// CheckSudoers implements HostUsersBackend
func (*testHostUserBackend) CheckSudoers(contents []byte) error {
if string(contents) == "valid" {
if strings.Contains(string(contents), "validsudoers") {
return nil
}
return errors.New("invalid")
@@ -184,12 +184,12 @@ func TestUserMgmtSudoers_CreateTemporaryUser(t *testing.T) {

_, closer, err := users.CreateUser("bob", &services.HostUsersInfo{
Groups: []string{"hello", "sudo"},
Sudoers: []string{"valid"},
Sudoers: []string{"validsudoers"},
})
require.NoError(t, err)
require.NotNil(t, closer)

require.Equal(t, map[string]string{"bob": "valid"}, backend.sudoers)
require.Equal(t, map[string]string{"bob": "bob validsudoers"}, backend.sudoers)

require.NoError(t, closer.Close())
require.Empty(t, backend.sudoers)
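Review bot: `TestUserMgmtSudoers_CreateTemporaryUser` still passes a single entry in `Sudoers`, so the per-entry prefixing loop this commit introduces is only exercised for one line. Adding a second entry and asserting that both stored lines begin with `bob ` would cover the multi-entry case. The fake `CheckSudoers` now accepts any content containing `validsudoers`, which is looser than the previous equality check; a comment such as `// accepts any content containing the marker, because CreateUser prefixes each entry with the user name` would explain why. Both functions continue outside the visible hunks.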
