Commit 84cb280d authored by Pietsch, Martin's avatar Pietsch, Martin

finished template sudoers.j2

parent 11a4e6c4
......@@ -37,6 +37,53 @@
{% endif %}
{% endfor %}
{% macro _get_user_group_line(_uglist) %}
{% set _retval = namespace(value = "" ) %}
{% if _uglist is not defined %}
{% set _retval.value = "ALL" %}
{% elif (_uglist | length ) > 0 %}
{% set _retval.value = _uglist | join(', ') %}
{% else %}
{% set _retval.value = "" %}
{% endif %}
{{- _retval.value -}}
{% endmacro -%}
# User privilege specifications
root ALL=(ALL:ALL) ALL
{% if system_fallback_admin_method == "sudo" %}
{{ '%%%s ALL=(ALL:ALL) ALL' | format(system_fallback_sudo_groupname | default('sudo')) }}
{% endif %}
{% set _sup_line = namespace(value = "", cmds = []) %}
{% for _sudo_user_privileges_item in sudo_user_privileges %}
{% set _sup_line.value = ("%s %s = " | format(_sudo_user_privileges_item.name, _sudo_user_privileges_item.runon | default('ALL'))) %}
{% if (_sudo_user_privileges_item.commands | default([]) | length) > 0 %}
{% for _sudo_user_privileges_command in _sudo_user_privileges_item.commands %}
{% set _sudo_runas_users = _get_user_group_line(_sudo_user_privileges_command.users) %}
{% set _sudo_runas_groups = _get_user_group_line(_sudo_user_privileges_command.groups) %}
{% if _sudo_runas_users != "" or _sudo_runas_groups != "" %}
{% set _sup_line.value = _sup_line.value + "(" -%}
{% if _sudo_runas_users != "" %}
{% set _sup_line.value = _sup_line.value + _sudo_runas_users %}
{% endif %}
{% if _sudo_runas_groups != "" %}
{% set _sup_line.value = _sup_line.value + ":" + _sudo_runas_groups %}
{% endif %}
{% set _sup_line.value = _sup_line.value + ")" %}
{% else %}
{% set _sup_line.value = _sup_line.value + "(ALL:ALL)" %}
{% endif %}
{% set _sup_line.value = (_sup_line.value | trim()) + " " + _sudo_user_privileges_command.options | default('') %}
{% set _sup_line.value = (_sup_line.value | trim()) + " " + _sudo_user_privileges_command.tag | default('') %}
{% set _sup_line.value = (_sup_line.value | trim()) + " " + _sudo_user_privileges_command.paths | default(['ALL']) | join(', ') %}
{% if loop.last == false %}
{% set _sup_line.value = _sup_line.value + ', ' %}
{% endif %}
{% endfor %}
{% else %}
{% set _sup_line.value = _sup_line.value + "(ALL) ALL" %}
{% endif %}
{{- _sup_line.value }}
{% endfor %}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment