crans/crans_bcfg2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
crans_bcfg2/Python/etc/sudoers
Gabriel Detraz 279f7bc81d Ménage dans le sudoers
2015-11-23 23:20:31 +01:00

98 lines
3.7 KiB
Python
Raw Blame History

# -*- coding: utf-8; mode: python -*-
info["mode"] = 0440
header("Configuration du sudo")
# Suite du header
@#
@# This file MUST be edited with the 'visudo' command as root.
@#
@# Please consider adding local content in /etc/sudoers.d/ instead of
@# directly modifying this file.
@#
@# See the man page for details on how to write a sudoers file.
@#
if has("users"):
@Defaults:ALL tty_tickets
@Defaults env_keep += "DARCS_EMAIL EDITOR PYTHONIOENCODING GIT_*"
@Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@Defaults passprompt_override
@Defaults passprompt="[sudo] password for %p on %h: "
@# Host alias specification
@# User alias specification
@User_Alias NOUNOUS= %adm
if has("users"):
@User_Alias RESPBATS= %respbats
@User_Alias MODEROS= %moderateurs
@User_Alias IMPRIMEURS= %imprimeurs
@User_Alias BUREAU= %bureau
@Runas_Alias USERS= %users
elif has("2B"):
@User_Alias RESPBATS= %respbats
@# Cmnd alias specification
@# User privilege specification
@root ALL=(ALL:ALL) ALL
@NOUNOUS ALL=(ALL:ALL) ALL
if has("2B"):
@RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py 2b
if has("users"):
@# Les modérateurs ont le whos
@MODEROS ALL=(respbats:ALL) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py
@# Câbleurs
@RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py,/usr/scripts/gestion/gest_crans_lc.py
@RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --zombielock
@RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --purgelock
@RESPBATS ALL=(respbats:ALL) /usr/scripts/admin/mail_invalide/mail_invalide.py
@RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whosthere.py
@RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ressuscite.py
@RESPBATS ALL=(respbats:ALL) /usr/scripts/cransticket/dump_creds.py
@# Pour ne pas louper des .forward pour des questions de droits de lecture
@RESPBATS ALL=(root:ALL) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py
@# Bureau
@BUREAU ALL=(respbats:ALL) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py, /usr/scripts/tresorerie/controle_rapide.py
@# Génération de codes impression pour les imprimeurs
@IMPRIMEURS ALL=(root:ALL) /usr/scripts/impression/gen_code.py
@# Les imprimeurs peuvent recréditer en masse
@IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/impression/recredit_masse.py
@IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/impression/recredit.py
@# Un chsh pour tout le monde
@ALL ALL=(respbats:ALL) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami
@# Quotas
@ALL ALL=(respbats:ALL) NOPASSWD:/usr/local/bin/quota.sh
@# Envoi de message SIP
@ALL ALL=(respbats:ALL) NOPASSWD:/usr/scripts/sip/send_sms.py
@%respbats ALL=(ALL) NOPASSWD: /usr/bin/monit summary, /usr/bin/monit status
if has('generate'):
@rpcssh ALL=(ALL) NOPASSWD: /usr/scripts/gestion/gen_confs/generate.py
if has('arpwatch'):
@# arpwatch
@arpwatch ALL=(arpwatch:ALL) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py
if has('intranet2-server'):
@www-data ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota
@www-data ALL=(root) NOPASSWD: /usr/scripts/utils/chown_impressions.sh
@www-data ALL=(root) NOPASSWD: /usr/scripts/utils/forward.py
# Inclusion de fichier locaux
@
@# See sudoers(5) for more information on "#include" directives:
@
@#includedir /etc/sudoers.d
Reference in a new issue View git blame Copy permalink