[sudoers] Tout est sous wheezy, et ajout de deux commandes.
This commit is contained in:
Pierre-Elliott Bécue
parent
1ca53b1248
commit
36705e1c36
1 changed files with 26 additions and 32 deletions
|
|
@ -17,15 +17,9 @@ header("Configuration du sudo")
|
|||
if has("users"):
|
||||
@Defaults:ALL tty_tickets
|
||||
|
||||
if has("wheezy"):
|
||||
addit = ":ALL"
|
||||
else:
|
||||
addit = ""
|
||||
|
||||
@Defaults env_keep += "DARCS_EMAIL EDITOR PYTHONIOENCODING GIT_*"
|
||||
|
||||
if has("wheezy"):
|
||||
@Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
@Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
@Defaults passprompt_override
|
||||
@Defaults passprompt="[sudo] password for %p on %h: "
|
||||
|
||||
|
|
@ -46,59 +40,59 @@ elif has("2B"):
|
|||
@# Cmnd alias specification
|
||||
|
||||
@# User privilege specification
|
||||
print "root ALL=(ALL%s) ALL" % (addit)
|
||||
print "NOUNOUS ALL=(ALL%s) ALL" % (addit)
|
||||
print "root ALL=(ALL:ALL) ALL"
|
||||
print "NOUNOUS ALL=(ALL:ALL) ALL"
|
||||
|
||||
if has("2B"):
|
||||
print "RESPBATS ALL=(root%s) NOPASSWD: /usr/scripts/gestion/tools/who2b.py" % (addit)
|
||||
print "RESPBATS ALL=(root:ALL) NOPASSWD: /usr/scripts/gestion/tools/who2b.py"
|
||||
|
||||
if has("users"):
|
||||
@# Les modérateurs ont le whos
|
||||
print "MODEROS ALL=(respbats%s) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py" % (addit)
|
||||
print "MODEROS ALL=(respbats:ALL) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py"
|
||||
|
||||
@# Câbleurs
|
||||
print "RESPBATS ALL=(respbats%s) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py" % (addit)
|
||||
print "RESPBATS ALL=(respbats%s) /usr/scripts/gestion/ldap_crans.py --zombielock" % (addit)
|
||||
print "RESPBATS ALL=(respbats%s) /usr/scripts/gestion/ldap_crans.py --purgelock" % (addit)
|
||||
print "RESPBATS ALL=(respbats%s) /usr/scripts/admin/mail_invalide/mail_invalide.py, /usr/scripts/admin/controle_tresorier.py, /usr/scripts/admin/controle_tresorier2.py, /usr/scripts/admin/controle_tresorier3.py" % (addit)
|
||||
print "RESPBATS ALL=(respbats%s) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whokfet.py" % (addit)
|
||||
print "RESPBATS ALL=(respbats%s) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py dalembert" % (addit)
|
||||
print "RESPBATS ALL=(respbats%s) /usr/scripts/gestion/ressuscite.py" % (addit)
|
||||
print "RESPBATS ALL=(respbats%s) /usr/scripts/cransticket/dump_creds.py" % (addit)
|
||||
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py,/usr/scripts/gestion/gest_crans_lc.py"
|
||||
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --zombielock"
|
||||
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --purgelock"
|
||||
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/admin/mail_invalide/mail_invalide.py, /usr/scripts/admin/controle_tresorier.py, /usr/scripts/admin/controle_tresorier2.py, /usr/scripts/admin/controle_tresorier3.py"
|
||||
print "RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whokfet.py"
|
||||
print "RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py dalembert"
|
||||
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ressuscite.py"
|
||||
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/cransticket/dump_creds.py"
|
||||
@# Pour ne pas louper des .forward pour des questions de droits de lecture
|
||||
print "RESPBATS ALL=(root%s) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py" % (addit)
|
||||
print "RESPBATS ALL=(root:ALL) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py"
|
||||
|
||||
@# Bureau
|
||||
print "BUREAU ALL=(respbats%s) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py" % (addit)
|
||||
print "BUREAU ALL=(respbats:ALL) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py"
|
||||
|
||||
@# intranet
|
||||
print "respbats ALL=(USERS%s) NOPASSWD: /usr/scripts/gestion/config_mail.py" % (addit)
|
||||
print "respbats ALL=(root%s) NOPASSWD: /usr/local/bin/quota" % (addit)
|
||||
print "respbats ALL=(USERS:ALL) NOPASSWD: /usr/scripts/gestion/config_mail.py"
|
||||
print "respbats ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota"
|
||||
|
||||
@# Génération de codes impression pour les imprimeurs
|
||||
print "IMPRIMEURS ALL=(root%s) /usr/scripts/impression/gen_code.py" % (addit)
|
||||
print "IMPRIMEURS ALL=(root:ALL) /usr/scripts/impression/gen_code.py"
|
||||
@# Les imprimeurs peuvent recréditer en masse
|
||||
print "IMPRIMEURS ALL=(respbats%s) /usr/scripts/utils/recredite.py" % (addit)
|
||||
print "IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/utils/recredite.py"
|
||||
print "IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/impression/recredit.py"
|
||||
|
||||
@# Redémarrage de l'intranet pour les imprimeurs
|
||||
print "IMPRIMEURS ALL=(root%s) /usr/scripts/impression/redemarre_intranet.sh" % (addit)
|
||||
print "IMPRIMEURS ALL=(root:ALL) /usr/scripts/impression/redemarre_intranet.sh"
|
||||
|
||||
@# Un chsh pour tout le monde
|
||||
print "ALL ALL=(respbats%s) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami" % (addit)
|
||||
print "ALL ALL=(respbats:ALL) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami"
|
||||
@# Quotas
|
||||
print "ALL ALL=(respbats%s) NOPASSWD:/usr/local/bin/quota.sh" % (addit)
|
||||
print "ALL ALL=(respbats:ALL) NOPASSWD:/usr/local/bin/quota.sh"
|
||||
|
||||
@# Envoi de message SIP
|
||||
print "ALL ALL=(respbats%s) NOPASSWD:/usr/scripts/sip/send_sms.py" % (addit)
|
||||
print "ALL ALL=(respbats:ALL) NOPASSWD:/usr/scripts/sip/send_sms.py"
|
||||
|
||||
monit_path = '/usr/%sbin/monit' % ('' if has('wheezy') else 's')
|
||||
print "%%respbats ALL=(ALL) NOPASSWD: %s summary, %s status" % (monit_path, monit_path)
|
||||
print "%%respbats ALL=(ALL) NOPASSWD: /usr/bin/monit summary, /usr/bin/monit status" % (monit_path, monit_path)
|
||||
|
||||
if has('generate'):
|
||||
print "rpcssh ALL=(ALL) NOPASSWD: /usr/scripts/gestion/gen_confs/generate.py"
|
||||
if has('arpwatch'):
|
||||
@# arpwatch
|
||||
print "arpwatch ALL=(arpwatch%s) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py" % (addit)
|
||||
print "arpwatch ALL=(arpwatch:ALL) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py"
|
||||
|
||||
# Inclusion de fichier locaux
|
||||
@
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue