module SyncWrap::Sudoers

Utility methods for generating sudoers.d config

Constants

SECURE_PATH

Default paths array for sudoers secure_path (PATH setting). Compared with RHEL derivatives, this has /usr/local support and retains /bin for distros like Debian that have kept those separate. Compared with recent Ubuntu, it is the same other than avoiding '/snap/bin'.

Protected Instance Methods

sudoers_d_commands( user, opts = {} )

Return the sh command lines, as a single string, for writing the file /etc/sudoers.d/<user>

# File lib/syncwrap/sudoers.rb, line 44
def sudoers_d_commands( user, opts = {} )
  sh = []
  sh << "cat > /etc/sudoers.d/#{user} <<_CONF_"
  sh += sudoers_d_template( user, opts )
  sh << "_CONF_"
  sh << "chmod 440 /etc/sudoers.d/#{user}"
  sh.join( "\n" )
end

sudoers_d_script( user, opts = {} )

Return an sh script, including 'shebang' preamble, for writing the file /etc/sudoers.d/<user>

# File lib/syncwrap/sudoers.rb, line 38
def sudoers_d_script( user, opts = {} )
  "#!/bin/sh -e\n" + sudoers_d_commands( user, opts )
end

sudoers_d_template( user, opts = {} )

Return /etc/sudoers.d/<user> compatible config lines for user and possible options, as an array

# File lib/syncwrap/sudoers.rb, line 55
def sudoers_d_template( user, opts = {} )
  spath = opts[:secure_path] || SECURE_PATH
  spath = spath.join(':') if spath.is_a?( Array )

  [ "#{user} ALL=(ALL) NOPASSWD:ALL",
    "Defaults:#{user} !requiretty",
    "Defaults:#{user} always_set_home",  # Default only on RHEL*
    "Defaults:#{user} secure_path = #{spath}" ]
end
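
A hardened variant of the script that sudoers_d_script returns, as an added example that is not SyncWrap code: it validates the user name and path entries, quotes the heredoc delimiter, and runs visudo -cf on a temporary file before installing it with mode 0440. The names checked_sudoers_lines, checked_sudoers_script, SAFE_USER, SAFE_DIR and EXAMPLE_SECURE_PATH are hypothetical, and the path list is an assumed value.

```ruby
# Added example (not SyncWrap code); all names here are hypothetical.

# Assumed path list for illustration; SyncWrap's SECURE_PATH value is not
# shown on this page.
EXAMPLE_SECURE_PATH = %w[/usr/local/sbin /usr/local/bin /usr/sbin
                         /usr/bin /sbin /bin].freeze

# sudo's #includedir skips file names that contain '.' or end in '~', so a
# rule written under such a name is silently ignored. \A and \z also reject
# embedded newlines, which could otherwise inject extra sudoers or sh lines.
SAFE_USER = /\A[a-z_][a-z0-9_-]*\z/
# Absolute paths only: a relative secure_path entry resolves against the
# caller's working directory.
SAFE_DIR = %r{\A(/[A-Za-z0-9._-]+)+\z}

def checked_sudoers_lines(user, secure_path = EXAMPLE_SECURE_PATH)
  raise ArgumentError, "unsafe user: #{user.inspect}" unless SAFE_USER.match?(user)
  dirs = Array(secure_path)
  bad = dirs.reject { |d| SAFE_DIR.match?(d) }
  raise ArgumentError, "unsafe secure_path: #{bad.inspect}" unless bad.empty? && !dirs.empty?
  ["#{user} ALL=(ALL) NOPASSWD:ALL",
   "Defaults:#{user} !requiretty",
   "Defaults:#{user} always_set_home",
   "Defaults:#{user} secure_path = #{dirs.join(':')}"]
end

def checked_sudoers_script(user, secure_path = EXAMPLE_SECURE_PATH)
  lines = checked_sudoers_lines(user, secure_path)
  sh = ["#!/bin/sh -e",
        "umask 077",
        'tmp=$(mktemp)',
        %q(trap 'rm -f "$tmp"' EXIT),
        %q(cat > "$tmp" <<'_CONF_'),   # quoted delimiter: no shell expansion
        *lines,
        "_CONF_",
        'visudo -cf "$tmp"',           # syntax check; -e aborts before install
        %Q(install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/#{user})]
  sh.join("\n") + "\n"
end
```

Because the script runs under sh -e, a failed visudo check stops it before anything is placed in /etc/sudoers.d.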