Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###############################################################
- # #
- # This file is managed by puppet. Any changes you make #
- # will be overwritten. If you need to make changes to this #
- # file please submit a ticket to the DevOps group. #
- # #
- ###############################################################
- #
- # This file MUST be edited with the 'visudo' command as root.
- #
- # Please consider adding local content in /etc/sudoers.d/ instead of
- # directly modifying this file.
- #
- # See the man page for details on how to write a sudoers file.
- #
- Defaults env_reset
- Defaults mail_badpass
- Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
- # Host alias specification
- # User alias specification
- # Cmnd alias specification
- # User privilege specification
- root ALL=(ALL:ALL) ALL
- # Members of the admin group may gain root privileges
- %admin ALL=(ALL) ALL
- # Allow members of group sudo to execute any command
- %sudo ALL=(ALL:ALL) ALL
- ## Allow people in the AD group Linux-sudo-access to run all commands
- %Linux-sudo-access ALL=(ALL) ALL
- %Linux-sudo-access ALL=(APPUSERS) NOPASSWD: ALL
- ## Allow developers access to the shared environment users
- <% if @hostname =~ /ps-[p]?migration-db/ -%>
- Runas_Alias APPUSERS = dev,test,stage,prod,worker,gitlab-runner,migration
- <% else -%>
- Runas_Alias APPUSERS = dev,test,stage,prod,worker,gitlab-runner
- <% end -%>
- %Linux-access ALL=(APPUSERS) NOPASSWD: ALL
- ## Allows the devops user to deploy. This isn't used normally but is setup just in case we have an issue with AD and need to deploy with a local user
- devops ALL=(APPUSERS) NOPASSWD: ALL
- <% if @hostname =~ /ps-[p]?migration-db/ -%>
- ## Allows migration user to kick off script used for managing the migration env DBs
- migration ALL=(root) NOPASSWD: /home/devops/scripts/migration_test.sh
- <% end -%>
- # See sudoers(5) for more information on "#include" directives:
- #includedir /etc/sudoers.d
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement