crans_bcfg2/Python/etc/sudoers

# -*- coding: utf-8; mode: python -*-

info["perms"] = 0440

header("Configuration du sudo")
# Suite du header
@#
@# This file MUST be edited with the 'visudo' command as root.
@#
@# Please consider adding local content in /etc/sudoers.d/ instead of
@# directly modifying this file.
@#
@# See the man page for details on how to write a sudoers file.
@#


if has("users"):
    @Defaults:ALL tty_tickets

@Defaults env_keep += "DARCS_EMAIL EDITOR PYTHONIOENCODING GIT_*"

@Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@Defaults        passprompt_override
@Defaults        passprompt="[sudo] password for %p on %h: "

@# Host alias specification

@# User alias specification
@User_Alias      NOUNOUS= %adm
if has("users"):
    @User_Alias      RESPBATS= %respbats
    @User_Alias      MODEROS= %moderateurs
    @User_Alias      IMPRIMEURS= %imprimeurs
    @User_Alias      BUREAU= %bureau
    @Runas_Alias     USERS= %users

elif has("2B"):
    @User_Alias      RESPBATS= %respbats

@# Cmnd alias specification

@# User privilege specification
print "root       ALL=(ALL:ALL) ALL"
print "NOUNOUS    ALL=(ALL:ALL) ALL"

if has("2B"):
    print "RESPBATS   ALL=(root:ALL) NOPASSWD: /usr/scripts/gestion/tools/who2b.py"

if has("users"):
    @# Les modérateurs ont le whos
    print "MODEROS    ALL=(respbats:ALL) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py"

    @# Câbleurs
    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py,/usr/scripts/gestion/gest_crans_lc.py"
    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --zombielock"
    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --purgelock"
    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/admin/mail_invalide/mail_invalide.py, /usr/scripts/admin/controle_tresorier.py, /usr/scripts/admin/controle_tresorier2.py, /usr/scripts/admin/controle_tresorier3.py"
    print "RESPBATS   ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whokfet.py"
    print "RESPBATS   ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py dalembert"
    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/ressuscite.py"
    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/cransticket/dump_creds.py"
    @# Pour ne pas louper des .forward pour des questions de droits de lecture
    print "RESPBATS   ALL=(root:ALL) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py"

    @# Bureau
    print "BUREAU     ALL=(respbats:ALL) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py"

    @# intranet
    print "respbats   ALL=(USERS:ALL) NOPASSWD: /usr/scripts/gestion/config_mail.py"
    print "respbats   ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota"

    @# Génération de codes impression pour les imprimeurs
    print "IMPRIMEURS   ALL=(root:ALL) /usr/scripts/impression/gen_code.py"
    @# Les imprimeurs peuvent recréditer en masse
    print "IMPRIMEURS   ALL=(respbats:ALL) /usr/scripts/impression/recredit_masse.py"
    print "IMPRIMEURS   ALL=(respbats:ALL) /usr/scripts/impression/recredit.py"

    @# Redémarrage de l'intranet pour les imprimeurs
    print "IMPRIMEURS   ALL=(root:ALL) /usr/scripts/impression/redemarre_intranet.sh"

    @# Un chsh pour tout le monde
    print "ALL        ALL=(respbats:ALL) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami"
    @# Quotas
    print "ALL        ALL=(respbats:ALL) NOPASSWD:/usr/local/bin/quota.sh"

    @# Envoi de message SIP
    print "ALL        ALL=(respbats:ALL) NOPASSWD:/usr/scripts/sip/send_sms.py"

print "%respbats   ALL=(ALL) NOPASSWD: /usr/bin/monit summary, /usr/bin/monit status"

if has('generate'):
    print "rpcssh ALL=(ALL) NOPASSWD: /usr/scripts/gestion/gen_confs/generate.py"
if has('arpwatch'):
    @# arpwatch
    print "arpwatch   ALL=(arpwatch:ALL) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py"

if has('intranet2-server'):
    print "www-data   ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota"

# Inclusion de fichier locaux
@
@# See sudoers(5) for more information on "#include" directives:
@
@#includedir /etc/sudoers.d