diff --git a/Python/etc/sudoers b/Python/etc/sudoers index 4b1c27f..0f2c5fe 100644 --- a/Python/etc/sudoers +++ b/Python/etc/sudoers @@ -17,15 +17,9 @@ header("Configuration du sudo") if has("users"): @Defaults:ALL tty_tickets -if has("wheezy"): - addit = ":ALL" -else: - addit = "" - @Defaults env_keep += "DARCS_EMAIL EDITOR PYTHONIOENCODING GIT_*" -if has("wheezy"): - @Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +@Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" @Defaults passprompt_override @Defaults passprompt="[sudo] password for %p on %h: " @@ -46,59 +40,59 @@ elif has("2B"): @# Cmnd alias specification @# User privilege specification -print "root ALL=(ALL%s) ALL" % (addit) -print "NOUNOUS ALL=(ALL%s) ALL" % (addit) +print "root ALL=(ALL:ALL) ALL" +print "NOUNOUS ALL=(ALL:ALL) ALL" if has("2B"): - print "RESPBATS ALL=(root%s) NOPASSWD: /usr/scripts/gestion/tools/who2b.py" % (addit) + print "RESPBATS ALL=(root:ALL) NOPASSWD: /usr/scripts/gestion/tools/who2b.py" if has("users"): @# Les modérateurs ont le whos - print "MODEROS ALL=(respbats%s) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py" % (addit) + print "MODEROS ALL=(respbats:ALL) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py" @# Câbleurs - print "RESPBATS ALL=(respbats%s) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py" % (addit) - print "RESPBATS ALL=(respbats%s) /usr/scripts/gestion/ldap_crans.py --zombielock" % (addit) - print "RESPBATS ALL=(respbats%s) /usr/scripts/gestion/ldap_crans.py --purgelock" % (addit) - print "RESPBATS ALL=(respbats%s) /usr/scripts/admin/mail_invalide/mail_invalide.py, /usr/scripts/admin/controle_tresorier.py, /usr/scripts/admin/controle_tresorier2.py, /usr/scripts/admin/controle_tresorier3.py" % (addit) - print "RESPBATS ALL=(respbats%s) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whokfet.py" % (addit) - print "RESPBATS ALL=(respbats%s) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py dalembert" % (addit) - print "RESPBATS ALL=(respbats%s) /usr/scripts/gestion/ressuscite.py" % (addit) - print "RESPBATS ALL=(respbats%s) /usr/scripts/cransticket/dump_creds.py" % (addit) + print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py,/usr/scripts/gestion/gest_crans_lc.py" + print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --zombielock" + print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --purgelock" + print "RESPBATS ALL=(respbats:ALL) /usr/scripts/admin/mail_invalide/mail_invalide.py, /usr/scripts/admin/controle_tresorier.py, /usr/scripts/admin/controle_tresorier2.py, /usr/scripts/admin/controle_tresorier3.py" + print "RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whokfet.py" + print "RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py dalembert" + print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ressuscite.py" + print "RESPBATS ALL=(respbats:ALL) /usr/scripts/cransticket/dump_creds.py" @# Pour ne pas louper des .forward pour des questions de droits de lecture - print "RESPBATS ALL=(root%s) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py" % (addit) + print "RESPBATS ALL=(root:ALL) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py" @# Bureau - print "BUREAU ALL=(respbats%s) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py" % (addit) + print "BUREAU ALL=(respbats:ALL) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py" @# intranet - print "respbats ALL=(USERS%s) NOPASSWD: /usr/scripts/gestion/config_mail.py" % (addit) - print "respbats ALL=(root%s) NOPASSWD: /usr/local/bin/quota" % (addit) + print "respbats ALL=(USERS:ALL) NOPASSWD: /usr/scripts/gestion/config_mail.py" + print "respbats ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota" @# Génération de codes impression pour les imprimeurs - print "IMPRIMEURS ALL=(root%s) /usr/scripts/impression/gen_code.py" % (addit) + print "IMPRIMEURS ALL=(root:ALL) /usr/scripts/impression/gen_code.py" @# Les imprimeurs peuvent recréditer en masse - print "IMPRIMEURS ALL=(respbats%s) /usr/scripts/utils/recredite.py" % (addit) + print "IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/utils/recredite.py" + print "IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/impression/recredit.py" @# Redémarrage de l'intranet pour les imprimeurs - print "IMPRIMEURS ALL=(root%s) /usr/scripts/impression/redemarre_intranet.sh" % (addit) + print "IMPRIMEURS ALL=(root:ALL) /usr/scripts/impression/redemarre_intranet.sh" @# Un chsh pour tout le monde - print "ALL ALL=(respbats%s) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami" % (addit) + print "ALL ALL=(respbats:ALL) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami" @# Quotas - print "ALL ALL=(respbats%s) NOPASSWD:/usr/local/bin/quota.sh" % (addit) + print "ALL ALL=(respbats:ALL) NOPASSWD:/usr/local/bin/quota.sh" @# Envoi de message SIP - print "ALL ALL=(respbats%s) NOPASSWD:/usr/scripts/sip/send_sms.py" % (addit) + print "ALL ALL=(respbats:ALL) NOPASSWD:/usr/scripts/sip/send_sms.py" -monit_path = '/usr/%sbin/monit' % ('' if has('wheezy') else 's') -print "%%respbats ALL=(ALL) NOPASSWD: %s summary, %s status" % (monit_path, monit_path) +print "%%respbats ALL=(ALL) NOPASSWD: /usr/bin/monit summary, /usr/bin/monit status" % (monit_path, monit_path) if has('generate'): print "rpcssh ALL=(ALL) NOPASSWD: /usr/scripts/gestion/gen_confs/generate.py" if has('arpwatch'): @# arpwatch - print "arpwatch ALL=(arpwatch%s) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py" % (addit) + print "arpwatch ALL=(arpwatch:ALL) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py" # Inclusion de fichier locaux @