author | Rick Bradshow <bradshaw@mcs.anl.gov> | 2007-03-12 21:25:23 +0000 |
---|---|---|
committer | Rick Bradshow <bradshaw@mcs.anl.gov> | 2007-03-12 21:25:23 +0000 |
commit | 6f641c969b08e2655836ad1cc13abc32d9f98296 (patch) | |
tree | 75100371976673e94052ea626a9214d3c0f8f6f2 | |
parent | f26d82ad3282395a52109291328a2230b2d68922 (diff) | |
This is the updated version, which also hacks the sudoers file. There is a catch: you need a sudoers template or static file, but I will fix that in the future.
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@2931 ce84e21b-d406-0410-9b95-82705330c041
-rw-r--r-- | src/lib/Server/Plugins/Account.py | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/lib/Server/Plugins/Account.py b/src/lib/Server/Plugins/Account.py
index 076afa032..bf530af4d 100644
--- a/src/lib/Server/Plugins/Account.py
+++ b/src/lib/Server/Plugins/Account.py
@@ -21,7 +21,8 @@ class Account(Bcfg2.Server.Plugin.Plugin):
 self.Entries = {'ConfigFile':{'/etc/passwd':self.from_yp_cb,
 '/etc/group':self.from_yp_cb,
 '/etc/security/limits.conf':self.gen_limits_cb,
- '/root/.ssh/authorized_keys':self.gen_root_keys_cb}}
+ '/root/.ssh/authorized_keys':self.gen_root_keys_cb,
+ '/etc/sudoers':self.gen_sudoers}}
 try:
 self.repository = Bcfg2.Server.Plugin.DirectoryBacked(self.data, self.core.fam)
 except:
@@ -57,3 +58,13 @@ class Account(Bcfg2.Server.Plugin.Plugin):
 entry.text = "".join([rdata["%s.key" % user].data for user in superusers if rdata.has_key("%s.key" % user)])
 perms = {'owner':'root', 'group':'root', 'perms':'0600'}
 [entry.attrib.__setitem__(key, value) for (key, value) in perms.iteritems()]
+
+ def gen_sudoers(self, entry, metadata):
+ '''Build root authorized keys file based on current ACLs'''
+ superusers = self.repository.entries['superusers'].data.split()
+ rootlike = [line.split(':', 1) for line in self.repository.entries['rootlike'].data.split()]
+ superusers += [user for (user, host) in rootlike if host == metadata.hostname.split('.')[0]]
+ rdata = self.repository.entries
+ entry.text = self.repository.entries['static.sudoers'].data%",".join(superusers)
+ perms = {'owner':'root', 'group':'root', 'perms':'0400'}
+ [entry.attrib.__setitem__(key, value) for (key, value) in perms.iteritems()] |
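Review bot: In `gen_sudoers` (second hunk), every token from the `superusers` and `rootlike` repository files is joined into the `/etc/sudoers` text with no check on its form, so a stray token such as `ALL` or a `%group` entry would be rendered as a sudo principal on the client. The render should be refused when any name fails a strict pattern or the list is empty, e.g. `bad = [u for u in superusers if not re.match(r'^[a-z_][a-z0-9_-]*$', u)]` followed by an error when `bad or not superusers`; this needs `re` imported at file level, which is outside the hunk. Because the template is filled with the `%` operator, any literal `%` in `static.sudoers` has to be written `%%` or formatting raises, which deserves a comment above the `entry.text` line. The docstring was copied from the authorized_keys generator and should read `'''Build /etc/sudoers from the static.sudoers template and current ACLs'''`, and `rdata = self.repository.entries` is unused. A syntactically broken sudoers file can leave sudo unusable on the client, so checking the rendered text (for instance with `visudo -c -f` on a temporary file) before it is served would be a worthwhile follow-up.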