Commit b4783e6b authored by Pietsch, Martin

continued documentation

parent 76df5fcd
Description
===========
This role installs and configures the sudo utility.
This role installs and configures the sudo utility. The following prefixed characters are used to distinguish between users and groups:
* <none> = user name or user alias
* # = UID of user
* % = group name
* %# = GID of group
* + = netgroup
* %: = non unix group name
* %:# = GID of non unix group
If the system variable `system_fallback_admin_method` is set to `sudo`, the specified fallback group (`system_fallback_groupname`) is automatically added to the sudoers file with full administration privileges.
Requirements
============
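Review bot: The new sentence on `system_fallback_admin_method` documents an implicit privilege grant only as "full administration privileges"; spell out the sudoers rule the role writes for `system_fallback_groupname` (hosts, run-as targets, whether a password is still required) and name where the two `system_*` variables are defined, so an auditor can see the grant without reading the template. In the prefix list, put `<none>` and the prefix characters in backticks, since a Markdown renderer can treat a bare `<none>` as an HTML tag and drop it.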
......@@ -9,12 +19,28 @@ Requirements
Variables
----------
* sudo_sudoers_file:
* description:
* This option specifies the sudoers file for sudo.
* default: sudoers.j2
* sudo_config:
* description:
* This option specifies the configuration file for sudo.
* default: undefined
* sudo_defaults:
* description:
* This option is a list of `sudo_defaults_item`. This items contain the default values for all sudo options.
* This option is a list of `sudo_defaults_item`. These items contain the default values for all sudo options.
* default:
- name: "env_keep"
parameters: ["+DISPLAY HOME"]
parameters:
- "+DISPLAY HOME"
- "+LANG LANGUAGE LC_*"
- name: "secure_path"
parameters:
- "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
* sudo_defaults_item:
* description:
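Review bot: The documented `env_keep` default still carries `HOME` in `"+DISPLAY HOME"`, so commands run through sudo keep the invoking user's `HOME` and programs that consult it will load that user's dotfiles while running as the target user; either justify this in the `sudo_defaults` description or take `HOME` out of the default. The `sudo_sudoers_file` and `sudo_config` descriptions should also say whether the value is a template name (the default `sudoers.j2` suggests so) or the path of the file on the target host.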
......@@ -22,13 +48,13 @@ Variables
* The keys are:
* name: The name of the sudo option.
* parameters: This key contains a list of all option parameters. A leading `+` adds a the value to a list option and a leading `-` removes it.
* type: The type key specifies the type that is affected by this option and these parameters. Types are: all (default), hosts, cmnds, users, runas
* type: The type key specifies the type that is affected by this option and these parameters. Possible type values are: all (default), host, cmnd, user, runas
* assignto: If the type is not set to `all`, a single name or list of names to which the parameters are to be assigned must be set.
* enabled: Specifies if the sudo option is enabled (true) or disabled (false). The default value is true.
* sudo_aliases:
* description:
* This option is a list of `sudo_aliases_item`. This items contain the alias names for lists of users, hosts, commands or runas members.
* This option is a list of `sudo_aliases_item`. These items contain the alias names for lists of users, hosts, commands or runas members.
* default: []
* sudo_aliases_item:
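Review bot: The `type` line changes the documented values from `hosts, cmnds, users` to `host, cmnd, user`; confirm this matches what the template tests for and state what the role does with an unrecognized value, because variables written against the old README would use the plural spellings. The `assignto` line should say what happens when `type` is not `all` and `assignto` is missing, and the unchanged `parameters` line still reads "adds a the value".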
......@@ -36,21 +62,46 @@ Variables
* This item type is a dictionary and contains a alias name for a list of users, hosts, commands or runas members.
* The keys are:
* name: The name of the alias.
* type: The type key specifies the type of the alias: Possible types are: host, cmnd, user, runas
* type: The type key specifies the type of the alias: Possible type values are: host, cmnd, user, runas
* members: The key `members` is a list of all alias members.
* sudo_user_privileges:
* description:
* This option is a list of `sudo_user_privileges_item`. These items contain execution privileges for users and groups.
* default: []
* sudo_user_privileges_item:
* description:
* This item type is a dictionary and contain the execution privileges for a user or group.
* The keys are:
* name: name of the user or group.
* runon: Permission to run on given host(s). Default: ALL
* commands: A list of `sudo_user_privileges_command`. These items contain all commands with their permissions. An empty list means that all commands are executable without special permissions.
* sudo_user_privileges_command:
* description:
* This item type is a dictionary and contains all commands with their permissions.
* The keys are:
* users: This list contains users that a command may be run as. If this key is not defined, the commands can be executed with all users. Default: undefined
* groups: This list contains groups that a command may be run as. If this key is not defined, the commands can be executed with all groups. Default: undefined
* options: This key specifies additional options for SELinux, run date and timeout of the command (see man 5 sudoers).
* tag: This key contains a tag that a command associated with it. All supported tags can be found in the manual (see man 5 sudoers).
* paths: This is a list with the commands paths. The paths should be absolute. If this list is empty or undefined, then all commands are associated with the specified permissions.
Processes
=========
main
----
1. NOP
1. execute configuration
configure
---------
1. NOP
1. install sudo configuration (sudo.conf), if it is specified.
2. install sudoers configuration
License
=======
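Review bot: The `commands`, `users`, `groups` and `paths` keys are all documented as fail-open: an empty or missing value widens the rule to all commands or all run-as targets, so by the text as written an entry with only `name` set is a full grant on `ALL` hosts. Consider requiring an explicit `ALL` for that case, or at least call it out in the `sudo_user_privileges_item` description. The `options` and `tag` lines would be easier to use with the accepted syntax shown (whether `tag` takes one tag or a list, and which option keywords are passed through), and "contains a alias", "contain the execution privileges" and "a tag that a command associated with it" need a grammar pass.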
......