forked from chef-boneyard/sudo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Roderik van der Veer
committed
Dec 12, 2013
1 parent
c67adac
commit 44e3508
Showing
1 changed file
with
42 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,26 +1,62 @@ | ||
| # This file is managed by Chef. | ||
| # Do NOT modify this file directly. | ||
|
|
||
| # sudoers file. | ||
| # | ||
| # This file MUST be edited with the 'visudo' command as root. | ||
| # Failure to use 'visudo' may result in syntax or file permission errors | ||
| # that prevent sudo from running. | ||
| # | ||
| # See the sudoers man page for the details on how to write a sudoers file. | ||
| # | ||
|
|
||
| # Host alias specification | ||
|
|
||
| # User alias specification | ||
|
|
||
| # Cmnd alias specification | ||
|
|
||
| # Defaults specification | ||
| Defaults env_reset | ||
| Defaults env_keep += "BLOCKSIZE" | ||
| Defaults env_keep += "COLORFGBG COLORTERM" | ||
| Defaults env_keep += "__CF_USER_TEXT_ENCODING" | ||
| Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE" | ||
| Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME" | ||
| Defaults env_keep += "LINES COLUMNS" | ||
| Defaults env_keep += "LSCOLORS" | ||
| Defaults env_keep += "SSH_AUTH_SOCK" | ||
| Defaults env_keep += "TZ" | ||
| Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY" | ||
| Defaults env_keep += "EDITOR VISUAL" | ||
| Defaults env_keep += "HOME MAIL" | ||
| <% @sudoers_defaults.each do |defaults| -%> | ||
| Defaults <%= defaults %> | ||
| <% end -%> | ||
| <% if @agent_forwarding -%> | ||
| Defaults env_keep+=SSH_AUTH_SOCK | ||
| <% end -%> | ||
|
|
||
| # Runas alias specification | ||
|
|
||
| # User privilege specification | ||
| root ALL=(ALL) ALL | ||
| root ALL=(ALL) ALL | ||
| %admin ALL=(ALL) ALL | ||
|
|
||
| <% @sudoers_users.each do |user| -%> | ||
| <%= user %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL | ||
| <% end -%> | ||
|
|
||
| # Members of the sysadmin group may gain root privileges | ||
| %sysadmin ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL | ||
| # Uncomment to allow people in group wheel to run all commands | ||
| # %wheel ALL=(ALL) ALL | ||
|
|
||
| # Same thing without a password | ||
| # %wheel ALL=(ALL) NOPASSWD: ALL | ||
|
|
||
| <% @sudoers_groups.each do |group| -%> | ||
| # Members of the group '<%= group %>' may gain root privileges | ||
| %<%= group %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL | ||
| <% end -%> | ||
|
|
||
| # Samples | ||
| # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom | ||
| # %users localhost=/sbin/shutdown -h now | ||
|
|
||
| <%= '#includedir /etc/sudoers.d' if @include_sudoers_d %> |