
[COOK-499] sudo cookbook improvements

1 parent 668a08e commit ae9f896fdfe6410d8a2211a6f2f3f4cee1b91a63 @schisamo schisamo committed Apr 19, 2011
Showing with 122 additions and 105 deletions.
  1. +12 −5 sudo/README.md
  2. +4 −3 sudo/attributes/default.rb
  3. +88 −86 sudo/metadata.json
  4. +7 −1 sudo/metadata.rb
  5. +4 −3 sudo/recipes/default.rb
  6. +7 −7 sudo/templates/default/sudoers.erb
@@ -13,11 +13,15 @@ ATTRIBUTES
The following attributes are set to blank arrays:
- node[:authorization][:sudo][:groups]
- node[:authorization][:sudo][:users]
+ node['authorization']['sudo']['groups']
+ node['authorization']['sudo']['users']
They are passed into the sudoers template which iterates over the values to add sudo permission to the specified users and groups.
+If you prefer to use passwordless sudo just set the following attribute to true:
+
+ node['authorization']['sudo']['passwordless']
+
USAGE
=====
@@ -26,7 +30,8 @@ To use this cookbook, set the attributes above on the node via a role or the nod
"authorization" => {
"sudo" => {
"groups" => ["admin", "wheel", "sysadmin"],
- "users" => ["jerry", "greg"]
+ "users" => ["jerry", "greg"],
+ "passwordless" => true
}
}
@@ -42,7 +47,8 @@ In JSON (role.json or on the node object):
"users": [
"jerry",
"greg"
- ]
+ ],
+ "passwordless": true
}
}
@@ -52,8 +58,9 @@ LICENSE AND AUTHOR
==================
Author:: Adam Jacob <adam@opscode.com>
+Author:: Seth Chisamore <schisamo@opscode.com>
-Copyright 2009-2010, Opscode, Inc.
+Copyright 2009-2011, Opscode, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -2,7 +2,7 @@
# Cookbook Name:: sudo
# Attribute File:: sudoers
#
-# Copyright 2008-2009, Opscode, Inc.
+# Copyright 2008-2011, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,5 +17,6 @@
# limitations under the License.
#
-default[:authorization][:sudo][:groups] = Array.new
-default[:authorization][:sudo][:users] = Array.new
+default['authorization']['sudo']['groups'] = Array.new
+default['authorization']['sudo']['users'] = Array.new
+default['authorization']['sudo']['passwordless'] = false
@@ -1,102 +1,104 @@
{
- "providing": {
- },
- "attributes": {
- "authorization/sudoers/groups": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "",
- "type": "array",
- "recipes": [
-
- ],
- "description": "Groups who are allowed sudo ALL",
- "display_name": "Sudo Groups"
- },
- "authorization": {
- "required": "optional",
- "calculated": false,
- "choice": [
+ "name": "sudo",
+ "description": "Installs sudo and configures /etc/sudoers",
+ "long_description": "",
+ "maintainer": "Opscode, Inc.",
+ "maintainer_email": "cookbooks@opscode.com",
+ "license": "Apache 2.0",
+ "platforms": {
+ "redhat": ">= 0.0.0",
+ "centos": ">= 0.0.0",
+ "fedora": ">= 0.0.0",
+ "ubuntu": ">= 0.0.0",
+ "debian": ">= 0.0.0",
+ "freebsd": ">= 0.0.0"
+ },
+ "dependencies": {
+ },
+ "recommendations": {
+ },
+ "suggestions": {
+ },
+ "conflicting": {
+ },
+ "providing": {
+ },
+ "replacing": {
+ },
+ "attributes": {
+ "authorization": {
+ "display_name": "Authorization",
+ "description": "Hash of Authorization attributes",
+ "type": "hash",
+ "choice": [
- ],
- "type": "hash",
- "recipes": [
-
- ],
- "description": "Hash of Authorization attributes",
- "display_name": "Authorization"
- },
- "authorization/sudoers/users": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "",
- "type": "array",
- "recipes": [
+ ],
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
- ],
- "description": "Users who are allowed sudo ALL",
- "display_name": "Sudo Users"
- },
- "authorization/sudoers": {
- "required": "optional",
- "calculated": false,
- "choice": [
+ ]
+ },
+ "authorization/sudoers": {
+ "display_name": "Authorization Sudoers",
+ "description": "Hash of Authorization/Sudoers attributes",
+ "type": "hash",
+ "choice": [
- ],
- "type": "hash",
- "recipes": [
+ ],
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
- ],
- "description": "Hash of Authorization/Sudoers attributes",
- "display_name": "Authorization Sudoers"
- }
- },
- "replacing": {
- },
- "dependencies": {
- },
- "groupings": {
- },
- "recommendations": {
+ ]
},
- "platforms": {
- "debian": [
+ "authorization/sudoers/users": {
+ "display_name": "Sudo Users",
+ "description": "Users who are allowed sudo ALL",
+ "type": "array",
+ "default": "",
+ "choice": [
],
- "fedora": [
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
- ],
- "centos": [
+ ]
+ },
+ "authorization/sudoers/groups": {
+ "display_name": "Sudo Groups",
+ "description": "Groups who are allowed sudo ALL",
+ "type": "array",
+ "default": "",
+ "choice": [
],
- "freebsd": [
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
- ],
- "ubuntu": [
+ ]
+ },
+ "authorization/sudoers/passwordless": {
+ "display_name": "Passwordless Sudo",
+ "description": "",
+ "type": "string",
+ "default": "false",
+ "choice": [
],
- "redhat": [
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
]
- },
- "license": "Apache 2.0",
- "version": "0.9.1",
- "maintainer": "Opscode, Inc.",
- "suggestions": {
- },
- "recipes": {
- "sudo": "Installs sudo and configures /etc/sudoers"
- },
- "maintainer_email": "cookbooks@opscode.com",
- "name": "sudo",
- "conflicting": {
- },
- "description": "Installs sudo and configures /etc/sudoers",
- "long_description": ""
- }
+ }
+ },
+ "groupings": {
+ },
+ "recipes": {
+ "sudo": "Installs sudo and configures /etc/sudoers"
+ },
+ "version": "1.0.0"
+}
@@ -2,7 +2,7 @@
maintainer_email "cookbooks@opscode.com"
license "Apache 2.0"
description "Installs sudo and configures /etc/sudoers"
-version "0.9.1"
+version "1.0.0"
recipe "sudo", "Installs sudo and configures /etc/sudoers"
@@ -31,3 +31,9 @@
:description => "Groups who are allowed sudo ALL",
:type => "array",
:default => ""
+
+attribute "authorization/sudoers/passwordless",
+ :display_name => "Passwordless Sudo",
+ :description => "",
+ :type => "string",
+ :default => "false"
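Review bot: The new attribute is declared with `:type => "string"` and `:default => "false"`, while sudo/attributes/default.rb sets a boolean `false` and the template tests it with `if @passwordless`; in Ruby the string "false" is truthy, so a value set as this metadata describes would emit `NOPASSWD:` on every rule. The declared path `authorization/sudoers/passwordless` also differs from the key the recipe reads, `node['authorization']['sudo']['passwordless']`. The `:description` is empty for the one setting that removes the password prompt; something like `:description => "Grant NOPASSWD to every listed user and group"` would document it. In sudo/recipes/default.rb I would pass `:passwordless => node['authorization']['sudo']['passwordless'] == true` so that only a real boolean enables it.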
@@ -2,7 +2,7 @@
# Cookbook Name:: sudo
# Recipe:: default
#
-# Copyright 2008-2009, Opscode, Inc.
+# Copyright 2008-2011, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,7 +27,8 @@
owner "root"
group "root"
variables(
- :sudoers_groups => node[:authorization][:sudo][:groups],
- :sudoers_users => node[:authorization][:sudo][:users]
+ :sudoers_groups => node['authorization']['sudo']['groups'],
+ :sudoers_users => node['authorization']['sudo']['users'],
+ :passwordless => node['authorization']['sudo']['passwordless']
)
end
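Review bot: Nothing visible in this hunk validates the rendered file before it replaces /etc/sudoers, and the template now interpolates one more attribute-driven token into every rule line; a syntax error in that file leaves sudo unusable on the node. The template resource starts above the hunk, so a check may already exist there. If the Chef version in use supports the resource's `verify` property, `verify 'visudo -cf %{path}'` would reject a broken render before it is installed. A short comment above `variables(` such as `# :passwordless applies to every listed user and group` would also help readers of the recipe.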
@@ -1,22 +1,22 @@
#
# /etc/sudoers
-#
+#
# Generated by Chef for <%= node[:fqdn] %>
-#
+#
Defaults !lecture,tty_tickets,!fqdn
# User privilege specification
-root ALL=(ALL) ALL
+root ALL=(ALL) ALL
<% @sudoers_users.each do |user| -%>
-<%= user %> ALL=(ALL) ALL
+<%= user %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
<% end -%>
# Members of the sysadmin group may gain root privileges
-%sysadmin ALL=(ALL) ALL
+%sysadmin ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
<% @sudoers_groups.each do |group| -%>
# Members of the group '<%= group %>' may gain root privileges
-%<%= group %> ALL=(ALL) ALL
-<% end -%>
+%<%= group %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
+<% end -%>
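Review bot: The `NOPASSWD:` tag is also added to the hard-coded `%sysadmin` rule, which is not part of the `groups` attribute, so setting the flag widens a group the operator never listed. Because the one flag covers every user and group line with `ALL=(ALL)`, a compromised session of any listed account reaches root without a password prompt, and the README text added in this commit does not state that scope. I would keep `%sysadmin ALL=(ALL) ALL` unchanged (or give it its own switch) and add a template comment such as `# NOPASSWD is controlled by node['authorization']['sudo']['passwordless']`. User and group names are still written into the file without validation, so a value containing whitespace or a newline would alter the rule; rejecting such names in the recipe would close that gap.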
