From d45f08e82ebd217fa5ebbb08b9e4859aaf7cf58a Mon Sep 17 00:00:00 2001
From: Yavor Yanchev
Date: Mon, 27 Jul 2015 20:37:52 +0300
Subject: [PATCH] JCLOUDS-973 Extending the sudo's configuration - Adding env_reset to the default configuration in /etc/sudoers - Adding secure_path to the default configuration in /etc/sudoers - secure_path value is "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
---
 compute/src/test/resources/initscript_with_java.sh | 2 ++
 compute/src/test/resources/initscript_with_jetty.sh | 2 ++
 compute/src/test/resources/runscript_adminUpdate.sh | 2 ++
 .../jclouds/scriptbuilder/statements/login/Sudoers.java | 7 ++++++-
 .../scriptbuilder/statements/login/SudoStatementsTest.java | 2 ++
 .../src/test/resources/test_adminaccess_flipped.sh | 2 ++
 .../src/test/resources/test_adminaccess_params.sh | 2 ++
 .../test/resources/test_adminaccess_params_and_fullname.sh | 2 ++
 .../src/test/resources/test_adminaccess_standard.sh | 2 ++
 9 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/compute/src/test/resources/initscript_with_java.sh b/compute/src/test/resources/initscript_with_java.sh
index f0b1480489..0766e80a42 100644
--- a/compute/src/test/resources/initscript_with_java.sh
+++ b/compute/src/test/resources/initscript_with_java.sh
@@ -204,6 +204,8 @@ END_OF_JCLOUDS_SCRIPT
 rm -f $INSTANCE_HOME/rc
 trap 'echo $?>$INSTANCE_HOME/rc' 0 1 2 3 15
 cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
+ Defaults env_reset
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 root ALL = (ALL) ALL
 %wheel ALL = (ALL) NOPASSWD:ALL
 END_OF_JCLOUDS_FILE
diff --git a/compute/src/test/resources/initscript_with_jetty.sh b/compute/src/test/resources/initscript_with_jetty.sh
index ce5a6f4625..87ee905641 100644
--- a/compute/src/test/resources/initscript_with_jetty.sh
+++ b/compute/src/test/resources/initscript_with_jetty.sh
@@ -204,6 +204,8 @@ END_OF_JCLOUDS_SCRIPT
 rm -f $INSTANCE_HOME/rc
 trap 'echo $?>$INSTANCE_HOME/rc' 0 1 2 3 15
 cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
+ Defaults env_reset
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 root ALL = (ALL) ALL
 %wheel ALL = (ALL) NOPASSWD:ALL
 END_OF_JCLOUDS_FILE
diff --git a/compute/src/test/resources/runscript_adminUpdate.sh b/compute/src/test/resources/runscript_adminUpdate.sh
index 8c4d7c5ae9..d7ebedcb2b 100644
--- a/compute/src/test/resources/runscript_adminUpdate.sh
+++ b/compute/src/test/resources/runscript_adminUpdate.sh
@@ -85,6 +85,8 @@ END_OF_JCLOUDS_SCRIPT
 rm -f $INSTANCE_HOME/rc
 trap 'echo $?>$INSTANCE_HOME/rc' 0 1 2 3 15
 cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
+ Defaults env_reset
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 root ALL = (ALL) ALL
 %wheel ALL = (ALL) NOPASSWD:ALL
 END_OF_JCLOUDS_FILE
diff --git a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/Sudoers.java b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/Sudoers.java
index 375d9c7422..e4f200f475 100644
--- a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/Sudoers.java
+++ b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/Sudoers.java
@@ -41,7 +41,12 @@ public class Sudoers implements Statement {
 if (family == OsFamily.WINDOWS)
 throw new UnsupportedOperationException("windows not yet implemented");
 Builder statements = ImmutableList.builder();
- statements.add(createOrOverwriteFile(sudoers, ImmutableSet.of("root ALL = (ALL) ALL", "%wheel ALL = (ALL) NOPASSWD:ALL")));
+ statements.add(createOrOverwriteFile(sudoers, ImmutableSet.of(
+ "Defaults env_reset",
+ "Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"",
+ "root ALL = (ALL) ALL",
+ "%wheel ALL = (ALL) NOPASSWD:ALL"))
+ );
 statements.add(exec("chmod 0440 " + sudoers));
 return new StatementList(statements.build()).render(family);
 }
diff --git a/scriptbuilder/src/test/java/org/jclouds/scriptbuilder/statements/login/SudoStatementsTest.java b/scriptbuilder/src/test/java/org/jclouds/scriptbuilder/statements/login/SudoStatementsTest.java
index 38a72478a5..7254b82b4b 100644
--- a/scriptbuilder/src/test/java/org/jclouds/scriptbuilder/statements/login/SudoStatementsTest.java
+++ b/scriptbuilder/src/test/java/org/jclouds/scriptbuilder/statements/login/SudoStatementsTest.java
@@ -28,6 +28,8 @@ public class SudoStatementsTest {
 assertEquals(
 SudoStatements.createWheel().render(OsFamily.UNIX),
 "cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'\n" +
+ "\tDefaults env_reset\n" +
+ "\tDefaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\n" +
 "\troot ALL = (ALL) ALL\n" +
 "\t%wheel ALL = (ALL) NOPASSWD:ALL\n" +
 "END_OF_JCLOUDS_FILE\n" +
diff --git a/scriptbuilder/src/test/resources/test_adminaccess_flipped.sh b/scriptbuilder/src/test/resources/test_adminaccess_flipped.sh
index 7c7f9d8430..5fec29ab6d 100644
--- a/scriptbuilder/src/test/resources/test_adminaccess_flipped.sh
+++ b/scriptbuilder/src/test/resources/test_adminaccess_flipped.sh
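Review bot: In Sudoers.java the two new `Defaults` strings passed to `ImmutableSet.of(...)` carry no comment, and the `secure_path` value is a bare literal that is emitted for every family except WINDOWS. I would add a comment above them, e.g. `// env_reset + secure_path: sudo runs commands with a minimal environment and a fixed PATH, so the caller's PATH cannot redirect them`, and move the path into a named constant. The comment should also say that binaries outside those six directories now have to be invoked by absolute path under sudo, which may affect scripts that install tools under another prefix. Separately, the file is still written directly over /etc/sudoers with no syntax check, so a quoting slip in the new escaped string would leave sudo unusable on the node; running `visudo -c -f` on a temporary copy before replacing the file would catch that. The enclosing method begins above this hunk.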
@@ -1,5 +1,7 @@
 rm /etc/sudoers
 cat >> /etc/sudoers <<'END_OF_FILE'
+Defaults env_reset
+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 root ALL = (ALL) ALL
 %wheel ALL = (ALL) NOPASSWD:ALL
 END_OF_FILE
diff --git a/scriptbuilder/src/test/resources/test_adminaccess_params.sh b/scriptbuilder/src/test/resources/test_adminaccess_params.sh
index bdd99d1867..61ef3ad04a 100644
--- a/scriptbuilder/src/test/resources/test_adminaccess_params.sh
+++ b/scriptbuilder/src/test/resources/test_adminaccess_params.sh
@@ -1,4 +1,6 @@
 cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
+ Defaults env_reset
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 root ALL = (ALL) ALL
 %wheel ALL = (ALL) NOPASSWD:ALL
 END_OF_JCLOUDS_FILE
diff --git a/scriptbuilder/src/test/resources/test_adminaccess_params_and_fullname.sh b/scriptbuilder/src/test/resources/test_adminaccess_params_and_fullname.sh
index aeec0aebd7..1481337bc7 100644
--- a/scriptbuilder/src/test/resources/test_adminaccess_params_and_fullname.sh
+++ b/scriptbuilder/src/test/resources/test_adminaccess_params_and_fullname.sh
@@ -1,4 +1,6 @@
 cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
+ Defaults env_reset
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 root ALL = (ALL) ALL
 %wheel ALL = (ALL) NOPASSWD:ALL
 END_OF_JCLOUDS_FILE
diff --git a/scriptbuilder/src/test/resources/test_adminaccess_standard.sh b/scriptbuilder/src/test/resources/test_adminaccess_standard.sh
index 7f2e3c0c08..25fca5f1ee 100644
--- a/scriptbuilder/src/test/resources/test_adminaccess_standard.sh
+++ b/scriptbuilder/src/test/resources/test_adminaccess_standard.sh
@@ -1,4 +1,6 @@
 cat > /etc/sudoers <<-'END_OF_JCLOUDS_FILE'
+ Defaults env_reset
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 root ALL = (ALL) ALL
 %wheel ALL = (ALL) NOPASSWD:ALL
 END_OF_JCLOUDS_FILE