Default SIMP Sudoers config


Brian S

Nov 13, 2016, 11:17:00 PM
to SIMP Q&A Forum
Hi-

I am in the process of building SIMP and am having an issue with the sudoers file. The initial build on CentOS 7.2.1511 went fine. I compiled from the source on Nov 9, checking out the DentAuthorDent branch. Once the SIMP bootstrap is completed and I add both a "test" user to LDAP and the admin group, I am unable to use sudo. I looked at the /etc/sudoers file and there is no mention of the default SIMP sudo rules as mentioned in http://simp.readthedocs.io/en/master/security_mapping/components/simp/authorize_access_to_security_functions/control.html?highlight=sudo.

Where in the SIMP code is the default sudoers file getting applied, or do I need to change the puppet server yaml file?

FYI:  As a temporary fix I manually changed the /etc/sudoers file to allow the administrators group to use sudosh.  Upon rerunning puppet agent -t the file was not changed.

Thanks-
Brian

Nick Miller

Nov 14, 2016, 11:27:42 AM
to Brian S, SIMP Q&A Forum
Good morning!

I have been trying to `sudo` as my user, based on this code:

  sudo::user_specification { 'nick_everything':
    user_list => 'nick',
    passwd    => false,
    cmnd      => 'ALL',
    runas     => 'ALL'
  }


But I am still being asked for my password and am unable to run anything as `sudo`. It seems that it is having some issues. I have created a ticket for this issue: https://simp-project.atlassian.net/browse/SIMP-1997

Can you send me the code that you are using? Can you also validate that your test user is in the `administrators` LDAP group?


Thanks,
Nick


--
You received this message because you are subscribed to the Google Groups "SIMP Q&A Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simp+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/simp/46a17ba6-2d4e-4064-8412-0e0b6542c0ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--


Nicholas Miller
Consultant | Onyx Point, Inc.

7050 Hi Tech Drive, Suite 102

Hanover, MD. 21076
e: nick....@onyxpoint.com
w: 443-655-3675


Trevor Vaughan

Nov 14, 2016, 2:38:06 PM
to Nick Miller, Brian S, SIMP Q&A Forum
FYI, we just tracked this down to a bug with using the puppet *server* vardir in the simpcat module and are working on a fix.





--
Trevor Vaughan
Vice President, Onyx Point, Inc

-- This account not approved for unencrypted proprietary information --

Nick Miller

Nov 16, 2016, 2:41:01 PM
to Trevor Vaughan, Brian S, SIMP Q&A Forum
Brian,

We have just pushed through our fix for SIMP-1999, which should fix this issue. The master branch of simpcat contains the fixes.

You can just clone the repo into the module of your existing SIMP server, or recompile a new package.

Once applied, the changes should be propagated and your sudoers file will actually be different than stock CentOS.

Thanks again for reporting this issue,
Nick Miller

Brian S

Nov 16, 2016, 2:42:49 PM
to SIMP Q&A Forum, tvau...@onyxpoint.com, brians...@gmail.com
Thanks for the update! I will clone simpcat repo and let you know if I have any issues.

-Brian