Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@ns7loc10 ~]# cat /etc/e-smith/templates/etc/sudoers.d/30nethserver_cockpit_roles/10base
- {
- use strict;
- use warnings;
- use JSON;
- #use esmith::ConfigDB;
- require "/usr/libexec/nethserver/api/lib/auth_functions.pl";
- my $jsonFile = '/etc/nethserver/cockpit/authorization/roles.json';
- my $data = read_json ($jsonFile);
- my %controllers = (
- "system-users-groups" => ["/usr/libexec/nethserver/api/system-roles/*",
- "/usr/libexec/nethserver/api/system-password-policy/read",
- "/usr/libexec/nethserver/api/system-accounts-provider/*",
- "/usr/libexec/nethserver/api/system-users/*"],
- 'system-network' => ["/usr/libexec/nethserver/api/system-routes/*",
- "/usr/libexec/nethserver/api/system-proxy/*"],
- 'system-dns' => ["/usr/libexec/nethserver/api/system-hosts/*"],
- 'system-certificates' => ["/usr/libexec/nethserver/api/system-certificate/*"],
- 'system-ssh' => ["/usr/libexec/nethserver/api/system-openssh/*"],
- 'system-applications' => ["/usr/libexec/nethserver/api/system-apps/*"],
- );
- foreach my $key (keys %{$data}) {
- my @systems = @{$data->{$key}->{'system'}};
- my @applications = @{$data->{$key}->{'applications'}};
- my @roles = ();
- #Here all default sudo commands
- my @commands = (
- "/usr/libexec/nethserver/api/system-*/read"
- );
- foreach my $system (@systems){
- push @roles, "system-$system";
- }
- foreach my $application (@applications){
- push @roles, $application;
- }
- # Hack when the group name gets a space
- # for example 'domain admins', visudo do not like it
- (my $Cmnd_Alias = $key) =~ s/ //;
- $key =~s/ /\\ /;
- $OUT .= "\n#\n# Role delegations for $key\n#";
- $OUT .= "\nCmnd_Alias ". uc $Cmnd_Alias .'= ';
- foreach my $role (@roles) {
- $role = '*' if ($key eq 'domain admins');
- if (! exists $controllers{$role}){
- push @commands, "/usr/libexec/nethserver/api/$role/*";
- } else {
- push @commands, @{$controllers{$role}};
- }
- # we allow all for admins
- last if ($key eq 'admins');
- }
- $OUT .= join (', ',@commands);
- $OUT .= "\n\n%".$key." ALL=NOPASSWD: ". uc $Cmnd_Alias;
- $OUT .= "\nDefaults:%".$key." !requiretty\n";
- }
- }
Add Comment
Please, Sign In to add comment