augeas sudoer syntax help


Craig Cook

Dec 18, 2012, 8:55:54 AM12/18/12
to puppet...@googlegroups.com
I have a manifest like this

class sudoer::spectrum {

    augeas { "sudoer_spectrum_cmdalias":
        context => "/files/etc/sudoers",
        changes => [
            "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/name SPECTRUM_CMDS",
            "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/command[1] '/bin/mount -o loop,ro /opt/CA/iso/* /opt/iso/spectrum/*'",
            "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/command[2] '/bin/umount /opt/iso/spectrum/*'",
        ],
    }

    augeas { "sudoer_spectrum":
        context => "/files/etc/sudoers",
        changes => [
            "set spec[user = 'spectrum']/user spectrum",
            "set spec[user = 'spectrum']/host_group/host ALL",
            "set spec[user = 'spectrum']/host_group/command/runas_user root",
            "set spec[user = 'spectrum']/host_group/command/tag NOPASSWD",
            "set spec[user = 'spectrum']/host_group/command SPECTRUM_CMDS",
        ],
    }

}

But this fails.

The "loop,ro" upsets things.

I also tried this

            "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/command[1] '/bin/mount -o loop\,ro /opt/CA/iso/* /opt/iso/spectrum/*'",

But the \ is passed through to the client file.

Cmnd_Alias SPECTRUM_CMDS = /bin/mount -o loop\,ro /optCA/iso/* /opt/iso/spectrum/* , /bin/umount /opt/iso/spectrum/*


I see something called sep_com used with augeas, but I am not clear on how to use it.

If I remove the ",ro" the sudoers file is updated on the client, but without the "ro", the mount command fails.

How do I put a , in the middle of the line?  Or, how do I add a : in the middle of the line as well, like this

            "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/command[3] '/bin/chown -R spectrum:spectrum /opt/iso/spectrum/*'",

Or, do I need to rethink how to update sudoers files?

Thanks

Craig
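The reason "loop,ro" upsets things can be seen by splitting the Cmnd_Alias the way sudoers(5) does: a bare comma separates alias members, and sudoers(5) documents that a literal ',' or ':' inside a command argument is written with a backslash (`loop\,ro`, `spectrum\:spectrum`). The script below is an added example for this thread, not Augeas, Puppet or sudo code; the two sample lines are constructed from the attempts quoted in the question. It also runs the two checks a reviewer would want on each member: a member that is not a fully qualified path (sudoers requires full paths for commands) is almost always a stray piece produced by an unescaped comma, and a wildcard in an argument is matched against the whole space-separated argument string, so it can match across word boundaries.

```python
"""Split a Cmnd_Alias the way sudoers(5) does, so a comma that was meant to
be a mount option shows up as an extra alias member. Added example for this
thread; it is not Augeas, Puppet or sudo code, and the sample lines below are
constructed from the attempts quoted in the question."""

import re

# Craig's first attempt: the comma in "loop,ro" is unescaped.
SAMPLE_UNESCAPED = (
    "Cmnd_Alias SPECTRUM_CMDS = /bin/mount -o loop,ro /opt/CA/iso/* /opt/iso/spectrum/* , "
    "/bin/umount /opt/iso/spectrum/*"
)
# The form sudoers(5) documents: ',' and ':' inside an argument carry a backslash.
SAMPLE_ESCAPED = (
    "Cmnd_Alias SPECTRUM_CMDS = /bin/mount -o loop\\,ro /opt/CA/iso/* /opt/iso/spectrum/*, "
    "/bin/umount /opt/iso/spectrum/*, /bin/chown -R spectrum\\:spectrum /opt/iso/spectrum/*"
)


def split_unescaped(value, sep=","):
    """Split VALUE on SEP, treating a backslash-escaped character as literal.
    The escaping backslash is dropped, which is what sudo sees as the argument."""
    members, buf, i = [], [], 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):
            buf.append(value[i + 1])  # keep the escaped character, drop the backslash
            i += 2
            continue
        if ch == sep:
            members.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    members.append("".join(buf).strip())
    return [m for m in members if m]


def parse_cmnd_alias(line):
    """Return (alias_name, [member commands]) for a 'Cmnd_Alias NAME = ...' line."""
    m = re.match(r"\s*Cmnd_Alias\s+([A-Z0-9_]+)\s*=\s*(.*)$", line)
    if not m:
        raise ValueError("not a Cmnd_Alias line: %r" % line)
    return m.group(1), split_unescaped(m.group(2))


def review_commands(commands):
    """Checks a reviewer would run on each member; returns (member, reason) pairs.
    - a member that is not a fully qualified path is usually a stray list member
      produced by an unescaped comma (sudoers requires full paths for commands);
    - sudoers matches arguments as one space-separated string, so a wildcard in
      an argument can match across word boundaries and admit extra arguments."""
    findings = []
    for cmd in commands:
        words = cmd.split()
        if cmd not in ("ALL", "sudoedit") and not words[0].startswith("/"):
            findings.append((cmd, "not an absolute path; check for an unescaped ','"))
        if any(("*" in w or "?" in w) for w in words[1:]):
            findings.append((cmd, "wildcard in arguments matches across word boundaries"))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_UNESCAPED, SAMPLE_ESCAPED):
        name, cmds = parse_cmnd_alias(sample)
        print("%s: %d member(s)" % (name, len(cmds)))
        for c in cmds:
            print("   ", c)
        for member, reason in review_commands(cmds):
            print("  ! %s: %s" % (reason, member))
```

Run stand-alone, the unescaped sample splits into three members, the middle one being `ro /opt/CA/iso/* /opt/iso/spectrum/*`, which is flagged as not an absolute path; the escaped sample yields the three intended commands with the backslashes consumed. The wildcard finding fires on every member of both samples, which is worth a second look before the alias is shipped.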

Keiran Sweet

Dec 18, 2012, 10:26:46 AM12/18/12
to puppet...@googlegroups.com, Craig Cook
Hi There,
Rather than building out files dynamically, have you considered possibly deploying snippets of sudoers configuration out to nodes using the /etc/sudoers.d/ framework that is available on many operating systems?

This can be easily handled using the File type and applied to nodes as required / classified.

However, it may not offer the flexibility you require.

K
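The sudoers.d route suggested above still has to get the escaping right, plus two rules that decide whether sudo reads the snippet at all: `#includedir` skips any file whose name contains a '.' or ends in '~', and the file is expected to be root-owned with mode 0440. The following added example (not Puppet, Augeas or sudo code) renders the alias and user specification from the question into such a snippet; the command list is taken from the question, while the file name `10-spectrum` and the scratch directory are assumptions.

```python
"""Render an /etc/sudoers.d snippet with the escaping sudoers(5) requires and
install it with the mode sudo expects. Added example for this thread, not code
from Puppet, Augeas or sudo; the command list is constructed from the question
and the file name '10-spectrum' is an assumption."""

import os
import stat
import tempfile

# sudoers(5): these characters must be backslash-escaped inside a command argument.
SPECIAL_IN_ARGS = set(",:=\\")

# (path, [arguments]) tuples from the question, written unescaped.
SPECTRUM_COMMANDS = [
    ("/bin/mount", ["-o", "loop,ro", "/opt/CA/iso/*", "/opt/iso/spectrum/*"]),
    ("/bin/umount", ["/opt/iso/spectrum/*"]),
    ("/bin/chown", ["-R", "spectrum:spectrum", "/opt/iso/spectrum/*"]),
]


def escape_arg(arg):
    """Backslash-escape the characters sudoers treats as separators."""
    return "".join("\\" + c if c in SPECIAL_IN_ARGS else c for c in arg)


def render_cmnd_alias(name, commands):
    """Join the members with ', ' after escaping each argument."""
    members = []
    for path, args in commands:
        if not path.startswith("/"):
            raise ValueError("sudoers requires a fully qualified command path: %r" % path)
        members.append(" ".join([path] + [escape_arg(a) for a in args]))
    return "Cmnd_Alias %s = %s" % (name, ", ".join(members))


def render_snippet(user, alias_name, commands, runas="root", nopasswd=True):
    """One self-contained snippet: the alias plus the user specification."""
    tag = "NOPASSWD: " if nopasswd else ""
    return "\n".join([
        "# constructed example snippet",
        render_cmnd_alias(alias_name, commands),
        "%s ALL = (%s) %s%s" % (user, runas, tag, alias_name),
    ]) + "\n"


def sudoers_d_name_ok(filename):
    """#includedir silently skips files whose name contains '.' or ends in '~'."""
    return "." not in filename and not filename.endswith("~")


def install_snippet(directory, filename, content):
    """Write CONTENT as DIRECTORY/FILENAME with mode 0440 (sudo also expects root
    ownership, which this unprivileged example does not set). Returns the path."""
    if not sudoers_d_name_ok(filename):
        raise ValueError("sudo would ignore a file named %r" % filename)
    path = os.path.join(directory, filename)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o440)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(path, 0o440)  # the umask can only clear bits at create time; pin the mode
    return path


def install_demo():
    """Install the SPECTRUM snippet into a scratch directory; returns (path, mode)."""
    content = render_snippet("spectrum", "SPECTRUM_CMDS", SPECTRUM_COMMANDS)
    path = install_snippet(tempfile.mkdtemp(), "10-spectrum", content)
    return path, stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    print(render_snippet("spectrum", "SPECTRUM_CMDS", SPECTRUM_COMMANDS))
    path, mode = install_demo()
    print("wrote %s with mode %o; check it with: visudo -c -f %s" % (path, mode, path))
```

Before the snippet reaches /etc/sudoers.d it should pass `visudo -c -f <file>`; in a Puppet file resource that is what `validate_cmd => '/usr/sbin/visudo -c -f %'` does, with `%` standing for the staged file, so a syntax error never replaces a working snippet. The main /etc/sudoers must also carry the `#includedir /etc/sudoers.d` line for the snippet to be read.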