# author: Stephan Renatus
#
# chef-apply script to fix sudoers configuration
#
# This script can be used to set up a user's sudoers configuration to allow
# non-interactive sessions. Its main use case is fixing the default
# configuration on RHEL and SEL distributions.
#
# The user name has to be provided in the env variable "TRAIN_SUDO_USER".
# If any configuration for the user is already present (the user is mentioned in
# /etc/sudoers or /etc/sudoers.d/<user> exists), this script does nothing
# (unless you set TRAIN_SUDO_VERY_MUCH=yes).
# FIXME
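# The sudoers drop-in is keyed on a single user name taken from the environment.
# Fail fast instead of writing an entry for a placeholder name.
user = ENV["TRAIN_SUDO_USER"]
raise ArgumentError, "TRAIN_SUDO_USER must be set to the user to configure" if user.nil? || user.empty?

# The name is interpolated into shell commands and into a path below
# /etc/sudoers.d, so only accept the portable user-name character set
# (no whitespace, quotes, slashes or "..").
unless user.match?(/\A[a-z_][a-z0-9_-]*\z/i)
  raise ArgumentError, "TRAIN_SUDO_USER #{user.inspect} is not a valid user name"
end

sudoer = "/etc/sudoers.d/#{user}"
force = ENV["TRAIN_SUDO_VERY_MUCH"] == "yes"
# -w: whole-word match so that "bob" does not count as "bobby"; -q: exit status only.
mentioned_in_sudoers = "grep -qw -- '#{user}' /etc/sudoers"

log "Warning: a sudoers configuration for user #{user} already exists, "\
    "doing nothing (override with TRAIN_SUDO_VERY_MUCH=yes)" do
  only_if "test -f '#{sudoer}' || #{mentioned_in_sudoers}"
  # The message promises "doing nothing"; keep quiet when the override is set.
  not_if { force }
end

file sudoer do
  content "#{user} ALL=(root) NOPASSWD:ALL\n"\
          "Defaults:#{user} !requiretty\n"
  owner "root"
  mode 0600
  # Check the rendered file before it is moved into place: a syntactically
  # broken drop-in in /etc/sudoers.d/ disables sudo for every user.
  verify "visudo -c -f %{path}"
  action force ? :create : :create_if_missing
  # Do not add something here if the user is mentioned explicitly in /etc/sudoers
  not_if mentioned_in_sudoers
end

# /!\ broken files in /etc/sudoers.d/ will break sudo for ALL USERS /!\
# Belt and braces for drop-ins that already existed before this run.
execute "revert: delete the file if it's broken" do
  command "rm -f -- '#{sudoer}'"
  only_if { ::File.exist?(sudoer) }
  not_if "visudo -c -f '#{sudoer}'" # file is ok
end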