Import sudo version 1.0.0

commit 3ff16833515ec4060a98eb8ec13d7ecd224c2573 1 parent ecbcdbb
@schisamo schisamo authored
75 cookbooks/sudo/README.md
@@ -0,0 +1,75 @@
+DESCRIPTION
+===========
+
+This cookbook installs sudo and configures the /etc/sudoers file.
+
+REQUIREMENTS
+============
+
+Requires that the platform has a package named sudo and the sudoers file is /etc/sudoers.
+
+ATTRIBUTES
+==========
+
+The following attributes are set to blank arrays:
+
+ node['authorization']['sudo']['groups']
+ node['authorization']['sudo']['users']
+
+They are passed into the sudoers template which iterates over the values to add sudo permission to the specified users and groups.
+
+If you prefer to use passwordless sudo just set the following attribute to true:
+
+ node['authorization']['sudo']['passwordless']
+
+USAGE
+=====
+
+To use this cookbook, set the attributes above on the node via a role or the node object itself. In a role.rb:
+
+ "authorization" => {
+ "sudo" => {
+ "groups" => ["admin", "wheel", "sysadmin"],
+ "users" => ["jerry", "greg"],
+ "passwordless" => true
+ }
+ }
+
+In JSON (role.json or on the node object):
+
+ "authorization": {
+ "sudo": {
+ "groups": [
+ "admin",
+ "wheel",
+ "sysadmin"
+ ],
+ "users": [
+ "jerry",
+ "greg"
+ ],
+ "passwordless": true
+ }
+ }
+
+Note that the template for the sudoers file has the group "sysadmin" with ALL:ALL permission, though the group by default does not exist.
+
+LICENSE AND AUTHOR
+==================
+
+Author:: Adam Jacob <adam@opscode.com>
+Author:: Seth Chisamore <schisamo@opscode.com>
+
+Copyright 2009-2011, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
22 cookbooks/sudo/attributes/default.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: sudo
+# Attribute File:: sudoers
+#
+# Copyright 2008-2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['authorization']['sudo']['groups'] = Array.new
+default['authorization']['sudo']['users'] = Array.new
+default['authorization']['sudo']['passwordless'] = false
104 cookbooks/sudo/metadata.json
@@ -0,0 +1,104 @@
+{
+ "name": "sudo",
+ "description": "Installs sudo and configures /etc/sudoers",
+ "long_description": "",
+ "maintainer": "Opscode, Inc.",
+ "maintainer_email": "cookbooks@opscode.com",
+ "license": "Apache 2.0",
+ "platforms": {
+ "redhat": ">= 0.0.0",
+ "centos": ">= 0.0.0",
+ "fedora": ">= 0.0.0",
+ "ubuntu": ">= 0.0.0",
+ "debian": ">= 0.0.0",
+ "freebsd": ">= 0.0.0"
+ },
+ "dependencies": {
+ },
+ "recommendations": {
+ },
+ "suggestions": {
+ },
+ "conflicting": {
+ },
+ "providing": {
+ },
+ "replacing": {
+ },
+ "attributes": {
+ "authorization": {
+ "display_name": "Authorization",
+ "description": "Hash of Authorization attributes",
+ "type": "hash",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "authorization/sudoers": {
+ "display_name": "Authorization Sudoers",
+ "description": "Hash of Authorization/Sudoers attributes",
+ "type": "hash",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "authorization/sudoers/users": {
+ "display_name": "Sudo Users",
+ "description": "Users who are allowed sudo ALL",
+ "type": "array",
+ "default": "",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "authorization/sudoers/groups": {
+ "display_name": "Sudo Groups",
+ "description": "Groups who are allowed sudo ALL",
+ "type": "array",
+ "default": "",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "authorization/sudoers/passwordless": {
+ "display_name": "Passwordless Sudo",
+ "description": "",
+ "type": "string",
+ "default": "false",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "required": "optional",
+ "recipes": [
+
+ ]
+ }
+ },
+ "groupings": {
+ },
+ "recipes": {
+ "sudo": "Installs sudo and configures /etc/sudoers"
+ },
+ "version": "1.0.0"
+}
39 cookbooks/sudo/metadata.rb
@@ -0,0 +1,39 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs sudo and configures /etc/sudoers"
+version "1.0.0"
+
+recipe "sudo", "Installs sudo and configures /etc/sudoers"
+
+%w{redhat centos fedora ubuntu debian freebsd}.each do |os|
+ supports os
+end
+
+attribute "authorization",
+ :display_name => "Authorization",
+ :description => "Hash of Authorization attributes",
+ :type => "hash"
+
+attribute "authorization/sudoers",
+ :display_name => "Authorization Sudoers",
+ :description => "Hash of Authorization/Sudoers attributes",
+ :type => "hash"
+
+attribute "authorization/sudoers/users",
+ :display_name => "Sudo Users",
+ :description => "Users who are allowed sudo ALL",
+ :type => "array",
+ :default => ""
+
+attribute "authorization/sudoers/groups",
+ :display_name => "Sudo Groups",
+ :description => "Groups who are allowed sudo ALL",
+ :type => "array",
+ :default => ""
+
+attribute "authorization/sudoers/passwordless",
+ :display_name => "Passwordless Sudo",
+ :description => "",
+ :type => "string",
+ :default => "false"
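Review bot: The attribute declarations use the path `authorization/sudoers/...`, while attributes/default.rb and the recipe read `node['authorization']['sudo'][...]`, so the metadata does not describe the attributes the cookbook actually consumes. `authorization/sudoers/passwordless` is also declared with `:type => "string"` and `:default => "false"`, but the template tests `if @passwordless`, and in Ruby the string "false" is truthy, so a value supplied as a string would switch NOPASSWD on. I would rename the paths to `authorization/sudo/...`, fill in the empty `:description` to say the value must be a boolean, and have the recipe normalise it, for example `:passwordless => node['authorization']['sudo']['passwordless'].to_s == 'true'`.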
34 cookbooks/sudo/recipes/default.rb
@@ -0,0 +1,34 @@
+#
+# Cookbook Name:: sudo
+# Recipe:: default
+#
+# Copyright 2008-2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "sudo" do
+ action :upgrade
+end
+
+template "/etc/sudoers" do
+ source "sudoers.erb"
+ mode 0440
+ owner "root"
+ group "root"
+ variables(
+ :sudoers_groups => node['authorization']['sudo']['groups'],
+ :sudoers_users => node['authorization']['sudo']['users'],
+ :passwordless => node['authorization']['sudo']['passwordless']
+ )
+end
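Review bot: The `template "/etc/sudoers"` resource replaces the live file with no syntax check, so one malformed entry in the `groups` or `users` attributes can leave the node with a sudoers file that sudo refuses to parse and nobody able to elevate to repair it. On Chef versions that provide the `verify` property, add `verify 'visudo -cf %{path}'` inside the block so the rendered file is checked before it is moved into place. Separately, `group "root"` is unlikely to resolve on FreeBSD, which metadata.rb lists as supported, because gid 0 is named `wheel` there; `group 0` would be portable across the listed platforms. `action :upgrade` lets every run pull in a newer sudo package, which deserves a comment if that is intended.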
22 cookbooks/sudo/templates/default/sudoers.erb
@@ -0,0 +1,22 @@
+#
+# /etc/sudoers
+#
+# Generated by Chef for <%= node[:fqdn] %>
+#
+
+Defaults !lecture,tty_tickets,!fqdn
+
+# User privilege specification
+root ALL=(ALL) ALL
+
+<% @sudoers_users.each do |user| -%>
+<%= user %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
+<% end -%>
+
+# Members of the sysadmin group may gain root privileges
+%sysadmin ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
+
+<% @sudoers_groups.each do |group| -%>
+# Members of the group '<%= group %>' may gain root privileges
+%<%= group %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %>ALL
+<% end -%>
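Review bot: `<%= user %>` and `<%= group %>` are written into sudoers verbatim, so an attribute value containing whitespace, a comma or a newline becomes additional sudoers syntax rather than a name, and whoever can edit the role or node attributes controls the full rule text. Validate the entries before rendering, for instance by having the recipe raise on any value that does not match `/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/`. The `%sysadmin` line is emitted unconditionally and receives the same `NOPASSWD:` when `passwordless` is set, even though the README notes that the group does not exist by default. Consider driving it from the `groups` attribute instead of hard-coding it, so the set of privileged groups is fully visible in node data.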