[COOK-499] sudo cookbook improvements

commit ae9f896fdfe6410d8a2211a6f2f3f4cee1b91a63 1 parent 668a08e
Seth Chisamore authored April 19, 2011
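--- a/sudo/README.md
+++ b/sudo/README.md
@@ -13,11 +13,15 @@ ATTRIBUTES
 
 The following attributes are set to blank arrays:
 
-    node[:authorization][:sudo][:groups]
-    node[:authorization][:sudo][:users]
+    node['authorization']['sudo']['groups']
+    node['authorization']['sudo']['users']
 
 They are passed into the sudoers template which iterates over the values to add sudo permission to the specified users and groups.
 
+If you prefer to use passwordless sudo just set the following attribute to true:
+
+    node['authorization']['sudo']['passwordless']
+
 USAGE
 =====
 
@@ -26,7 +30,8 @@ To use this cookbook, set the attributes above on the node via a role or the nod
     "authorization" => {
       "sudo" => {
         "groups" => ["admin", "wheel", "sysadmin"],
-        "users" => ["jerry", "greg"]
+        "users" => ["jerry", "greg"],
+        "passwordless" => true
       }
     }
 
@@ -42,7 +47,8 @@ In JSON (role.json or on the node object):
         "users": [
           "jerry",
           "greg"
-        ]
+        ],
+        "passwordless": true
       }
     }
 
@@ -52,8 +58,9 @@ LICENSE AND AUTHOR
 ==================
 
 Author:: Adam Jacob <adam@opscode.com>
+Author:: Seth Chisamore <schisamo@opscode.com>
 
-Copyright 2009-2010, Opscode, Inc.
+Copyright 2009-2011, Opscode, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.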
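--- a/sudo/attributes/default.rb
+++ b/sudo/attributes/default.rb
@@ -2,7 +2,7 @@
 # Cookbook Name:: sudo
 # Attribute File:: sudoers
 #
-# Copyright 2008-2009, Opscode, Inc.
+# Copyright 2008-2011, Opscode, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,5 +17,6 @@
 # limitations under the License.
 #
 
-default[:authorization][:sudo][:groups] = Array.new 
-default[:authorization][:sudo][:users] = Array.new
+default['authorization']['sudo']['groups'] = Array.new 
+default['authorization']['sudo']['users'] = Array.new
+default['authorization']['sudo']['passwordless'] = false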
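--- a/sudo/metadata.json
+++ b/sudo/metadata.json
@@ -1,102 +1,104 @@
 {
-    "providing": {
-    },
-    "attributes": {
-      "authorization/sudoers/groups": {
-        "required": "optional",
-        "calculated": false,
-        "choice": [
-
-        ],
-        "default": "",
-        "type": "array",
-        "recipes": [
-
-        ],
-        "description": "Groups who are allowed sudo ALL",
-        "display_name": "Sudo Groups"
-      },
-      "authorization": {
-        "required": "optional",
-        "calculated": false,
-        "choice": [
+  "name": "sudo",
+  "description": "Installs sudo and configures /etc/sudoers",
+  "long_description": "",
+  "maintainer": "Opscode, Inc.",
+  "maintainer_email": "cookbooks@opscode.com",
+  "license": "Apache 2.0",
+  "platforms": {
+    "redhat": ">= 0.0.0",
+    "centos": ">= 0.0.0",
+    "fedora": ">= 0.0.0",
+    "ubuntu": ">= 0.0.0",
+    "debian": ">= 0.0.0",
+    "freebsd": ">= 0.0.0"
+  },
+  "dependencies": {
+  },
+  "recommendations": {
+  },
+  "suggestions": {
+  },
+  "conflicting": {
+  },
+  "providing": {
+  },
+  "replacing": {
+  },
+  "attributes": {
+    "authorization": {
+      "display_name": "Authorization",
+      "description": "Hash of Authorization attributes",
+      "type": "hash",
+      "choice": [
 
-        ],
-        "type": "hash",
-        "recipes": [
-
-        ],
-        "description": "Hash of Authorization attributes",
-        "display_name": "Authorization"
-      },
-      "authorization/sudoers/users": {
-        "required": "optional",
-        "calculated": false,
-        "choice": [
-
-        ],
-        "default": "",
-        "type": "array",
-        "recipes": [
+      ],
+      "calculated": false,
+      "required": "optional",
+      "recipes": [
 
-        ],
-        "description": "Users who are allowed sudo ALL",
-        "display_name": "Sudo Users"
-      },
-      "authorization/sudoers": {
-        "required": "optional",
-        "calculated": false,
-        "choice": [
+      ]
+    },
+    "authorization/sudoers": {
+      "display_name": "Authorization Sudoers",
+      "description": "Hash of Authorization/Sudoers attributes",
+      "type": "hash",
+      "choice": [
 
-        ],
-        "type": "hash",
-        "recipes": [
+      ],
+      "calculated": false,
+      "required": "optional",
+      "recipes": [
 
-        ],
-        "description": "Hash of Authorization/Sudoers attributes",
-        "display_name": "Authorization Sudoers"
-      }
-    },
-    "replacing": {
-    },
-    "dependencies": {
-    },
-    "groupings": {
-    },
-    "recommendations": {
+      ]
     },
-    "platforms": {
-      "debian": [
+    "authorization/sudoers/users": {
+      "display_name": "Sudo Users",
+      "description": "Users who are allowed sudo ALL",
+      "type": "array",
+      "default": "",
+      "choice": [
 
       ],
-      "fedora": [
+      "calculated": false,
+      "required": "optional",
+      "recipes": [
 
-      ],
-      "centos": [
+      ]
+    },
+    "authorization/sudoers/groups": {
+      "display_name": "Sudo Groups",
+      "description": "Groups who are allowed sudo ALL",
+      "type": "array",
+      "default": "",
+      "choice": [
 
       ],
-      "freebsd": [
+      "calculated": false,
+      "required": "optional",
+      "recipes": [
 
-      ],
-      "ubuntu": [
+      ]
+    },
+    "authorization/sudoers/passwordless": {
+      "display_name": "Passwordless Sudo",
+      "description": "",
+      "type": "string",
+      "default": "false",
+      "choice": [
 
       ],
-      "redhat": [
+      "calculated": false,
+      "required": "optional",
+      "recipes": [
 
       ]
-    },
-    "license": "Apache 2.0",
-    "version": "0.9.1",
-    "maintainer": "Opscode, Inc.",
-    "suggestions": {
-    },
-    "recipes": {
-      "sudo": "Installs sudo and configures /etc/sudoers"
-    },
-    "maintainer_email": "cookbooks@opscode.com",
-    "name": "sudo",
-    "conflicting": {
-    },
-    "description": "Installs sudo and configures /etc/sudoers",
-    "long_description": ""
-  }
+    }
+  },
+  "groupings": {
+  },
+  "recipes": {
+    "sudo": "Installs sudo and configures /etc/sudoers"
+  },
+  "version": "1.0.0"
+}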
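--- a/sudo/metadata.rb
+++ b/sudo/metadata.rb
@@ -2,7 +2,7 @@
 maintainer_email  "cookbooks@opscode.com"
 license           "Apache 2.0"
 description       "Installs sudo and configures /etc/sudoers"
-version           "0.9.1"
+version           "1.0.0"
 
 recipe "sudo", "Installs sudo and configures /etc/sudoers"
 
@@ -31,3 +31,9 @@
   :description => "Groups who are allowed sudo ALL",
   :type => "array",
   :default => ""
+
+attribute "authorization/sudoers/passwordless",
+  :display_name => "Passwordless Sudo",
+  :description => "",
+  :type => "string",
+  :default => "false"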
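Review bot: The new `authorization/sudoers/passwordless` entry is declared with `:type => "string"`, `:default => "false"` and an empty `:description`, while sudo/attributes/default.rb sets the attribute the code actually reads, `node['authorization']['sudo']['passwordless']`, to the boolean `false`. The metadata should say what the switch does and that a boolean is expected, for example `:description => "Set to true to add NOPASSWD: to every sudoers entry this cookbook writes"`. The key path also says `sudoers` where the recipe reads `sudo`; the neighbouring entries appear to share that mismatch, so it may be worth correcting them together.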
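--- a/sudo/recipes/default.rb
+++ b/sudo/recipes/default.rb
@@ -2,7 +2,7 @@
 # Cookbook Name:: sudo
 # Recipe:: default
 #
-# Copyright 2008-2009, Opscode, Inc.
+# Copyright 2008-2011, Opscode, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,7 +27,8 @@
   owner "root"
   group "root"
   variables(
-    :sudoers_groups => node[:authorization][:sudo][:groups], 
-    :sudoers_users => node[:authorization][:sudo][:users]
+    :sudoers_groups => node['authorization']['sudo']['groups'],
+    :sudoers_users => node['authorization']['sudo']['users'],
+    :passwordless => node['authorization']['sudo']['passwordless']
   )
 end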
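--- a/sudo/templates/default/sudoers.erb
+++ b/sudo/templates/default/sudoers.erb
@@ -1,22 +1,22 @@
 #
 # /etc/sudoers
-# 
+#
 # Generated by Chef for <%= node[:fqdn] %>
-# 
+#
 
 Defaults        !lecture,tty_tickets,!fqdn
 
 # User privilege specification
-root    			ALL=(ALL) ALL
+root          ALL=(ALL) ALL
 
 <% @sudoers_users.each do |user| -%>
-<%= user %> ALL=(ALL) ALL
+<%= user %>   ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
 <% end -%>
 
 # Members of the sysadmin group may gain root privileges
-%sysadmin 		ALL=(ALL) ALL
+%sysadmin     ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
 
 <% @sudoers_groups.each do |group| -%>
 # Members of the group '<%= group %>' may gain root privileges
-%<%= group %> ALL=(ALL) ALL
-<% end -%>
+%<%= group %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
+<% end -%>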
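Review bot: `<%= "NOPASSWD:" if @passwordless %>` tests Ruby truthiness, so any value other than `nil` or `false` removes the password prompt, including the string `"false"` that sudo/metadata.rb gives as this attribute's default. For a setting that weakens authentication the check should fail closed: `<%= "NOPASSWD:" if @passwordless == true %>` on all three lines. The same flag also covers the hard-coded `%sysadmin` line, so turning it on for one listed user extends passwordless root to that whole group; the README paragraph should say so.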

0 notes on commit ae9f896
