JCLOUDS-973 Extending the sudo's configuration

- Adding env_reset to the default configuration in /etc/sudoers
- Adding secure_path to the default configuration in /etc/sudoers
- secure_path value is
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
This commit is contained in:
Yavor Yanchev 2015-07-27 20:37:52 +03:00 committed by Ignasi Barrera
parent 496e27f1af
commit d45f08e82e
9 changed files with 22 additions and 1 deletions

View File

@ -204,6 +204,8 @@ END_OF_JCLOUDS_SCRIPT
rm -f $INSTANCE_HOME/rc
trap 'echo $?>$INSTANCE_HOME/rc' 0 1 2 3 15
cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL = (ALL) ALL
%wheel ALL = (ALL) NOPASSWD:ALL
END_OF_JCLOUDS_FILE

View File

@ -204,6 +204,8 @@ END_OF_JCLOUDS_SCRIPT
rm -f $INSTANCE_HOME/rc
trap 'echo $?>$INSTANCE_HOME/rc' 0 1 2 3 15
cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL = (ALL) ALL
%wheel ALL = (ALL) NOPASSWD:ALL
END_OF_JCLOUDS_FILE

View File

@ -85,6 +85,8 @@ END_OF_JCLOUDS_SCRIPT
rm -f $INSTANCE_HOME/rc
trap 'echo $?>$INSTANCE_HOME/rc' 0 1 2 3 15
cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL = (ALL) ALL
%wheel ALL = (ALL) NOPASSWD:ALL
END_OF_JCLOUDS_FILE

View File

@ -41,7 +41,12 @@ public class Sudoers implements Statement {
if (family == OsFamily.WINDOWS)
throw new UnsupportedOperationException("windows not yet implemented");
Builder<Statement> statements = ImmutableList.builder();
statements.add(createOrOverwriteFile(sudoers, ImmutableSet.of("root ALL = (ALL) ALL", "%wheel ALL = (ALL) NOPASSWD:ALL")));
statements.add(createOrOverwriteFile(sudoers, ImmutableSet.of(
"Defaults env_reset",
"Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"",
"root ALL = (ALL) ALL",
"%wheel ALL = (ALL) NOPASSWD:ALL"))
);
statements.add(exec("chmod 0440 " + sudoers));
return new StatementList(statements.build()).render(family);
}

View File

@ -28,6 +28,8 @@ public class SudoStatementsTest {
assertEquals(
SudoStatements.createWheel().render(OsFamily.UNIX),
"cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'\n" +
"\tDefaults env_reset\n" +
"\tDefaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\n" +
"\troot ALL = (ALL) ALL\n" +
"\t%wheel ALL = (ALL) NOPASSWD:ALL\n" +
"END_OF_JCLOUDS_FILE\n" +

View File

@ -1,5 +1,7 @@
rm /etc/sudoers
cat >> /etc/sudoers <<'END_OF_FILE'
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL = (ALL) ALL
%wheel ALL = (ALL) NOPASSWD:ALL
END_OF_FILE

View File

@ -1,4 +1,6 @@
cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL = (ALL) ALL
%wheel ALL = (ALL) NOPASSWD:ALL
END_OF_JCLOUDS_FILE

View File

@ -1,4 +1,6 @@
cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL = (ALL) ALL
%wheel ALL = (ALL) NOPASSWD:ALL
END_OF_JCLOUDS_FILE

View File

@ -1,4 +1,6 @@
cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL = (ALL) ALL
%wheel ALL = (ALL) NOPASSWD:ALL
END_OF_JCLOUDS_FILE