authorRick Bradshow <bradshaw@mcs.anl.gov>2007-03-12 21:25:23 +0000
committerRick Bradshow <bradshaw@mcs.anl.gov>2007-03-12 21:25:23 +0000
commit6f641c969b08e2655836ad1cc13abc32d9f98296 (patch)
tree75100371976673e94052ea626a9214d3c0f8f6f2
parentf26d82ad3282395a52109291328a2230b2d68922 (diff)
this is the updated version which also hacks the sudoers file. there is a catch where you need a sudoers template or static file, but I will fix that in the
future. git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@2931 ce84e21b-d406-0410-9b95-82705330c041
-rw-r--r--src/lib/Server/Plugins/Account.py13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/lib/Server/Plugins/Account.py b/src/lib/Server/Plugins/Account.py
index 076afa032..bf530af4d 100644
--- a/src/lib/Server/Plugins/Account.py
+++ b/src/lib/Server/Plugins/Account.py
@@ -21,7 +21,8 @@ class Account(Bcfg2.Server.Plugin.Plugin):
self.Entries = {'ConfigFile':{'/etc/passwd':self.from_yp_cb,
'/etc/group':self.from_yp_cb,
'/etc/security/limits.conf':self.gen_limits_cb,
- '/root/.ssh/authorized_keys':self.gen_root_keys_cb}}
+ '/root/.ssh/authorized_keys':self.gen_root_keys_cb,
+ '/etc/sudoers':self.gen_sudoers}}
try:
self.repository = Bcfg2.Server.Plugin.DirectoryBacked(self.data, self.core.fam)
except:
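Review bot: The new handler is registered as `self.gen_sudoers`, while every other entry in this map uses a `_cb` suffix (`from_yp_cb`, `gen_limits_cb`, `gen_root_keys_cb`); naming it `gen_sudoers_cb` would keep the callbacks consistent. Because `/etc/sudoers` is now bound unconditionally, a short comment here such as `# requires 'static.sudoers' in the Account repository` would tell operators about the prerequisite before a client requests the file. The `__init__` body continues outside the hunk.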
@@ -57,3 +58,13 @@ class Account(Bcfg2.Server.Plugin.Plugin):
entry.text = "".join([rdata["%s.key" % user].data for user in superusers if rdata.has_key("%s.key" % user)])
perms = {'owner':'root', 'group':'root', 'perms':'0600'}
[entry.attrib.__setitem__(key, value) for (key, value) in perms.iteritems()]
+
+ def gen_sudoers(self, entry, metadata):
+ '''Build root authorized keys file based on current ACLs'''
+ superusers = self.repository.entries['superusers'].data.split()
+ rootlike = [line.split(':', 1) for line in self.repository.entries['rootlike'].data.split()]
+ superusers += [user for (user, host) in rootlike if host == metadata.hostname.split('.')[0]]
+ rdata = self.repository.entries
+ entry.text = self.repository.entries['static.sudoers'].data%",".join(superusers)
+ perms = {'owner':'root', 'group':'root', 'perms':'0400'}
+ [entry.attrib.__setitem__(key, value) for (key, value) in perms.iteritems()]
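Review bot: The `%` formatting applied to `static.sudoers` treats every `%` in the template as a format specifier, so a template that uses sudoers group syntax such as `%wheel` will raise or render wrongly unless it is written as `%%wheel`. Either document that requirement next to the call or substitute one explicit placeholder instead of using `%`. The names joined into the file are taken from the `superusers` and `rootlike` repository files without any check, so a token such as `ALL` or `%group` would silently widen the grant, and an empty list yields an empty user field; rejecting anything that is not a plain account name before the join would make the output safer to deploy as root-owned `0400`. A `rootlike` line without a `:` makes the `(user, host)` unpack raise `ValueError`, so malformed lines should be skipped or reported. The docstring is copied from the authorized_keys generator and should read something like `'''Build /etc/sudoers from the superusers and rootlike ACLs'''`, and the `rdata = self.repository.entries` assignment is unused and can be dropped.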