Module: Promotion::Generator::Sudoers
- Defined in: lib/promotion/generator/sudoers.rb
Class Method Summary
- .contents(specs) ⇒ Object
  Generates the contents for /etc/sudoers, containing environment variables and aliases.
- .generate(specs) ⇒ Object
  Writes the sudoers file after testing it with visudo.
Class Method Details
.contents(specs) ⇒ Object
Generates the contents for /etc/sudoers, containing environment variables and aliases
    # File 'lib/promotion/generator/sudoers.rb', line 29

    def self.contents(specs)
      contents = []
      contents << "# This section of the file should not be edited\n"
      contents << "# It was generated by the promotion application and will be overwritten\n"
      contents << "# when the next promotion occurs.\n"
      contents << "# The previous section will be preserved\n\n"
      contents << "Defaults timestamp_timeout=55\n\n"
      contents << "root ALL = (ALL) ALL \n"
      contents << "# people in group wheel may run all commands \n"
      contents << "%wheel ALL = (ALL) ALL \n\n"
      contents << "# Generated user privilege specifications \n"
      # One rule per UserPrivilege element; attribute values and element text
      # are copied into the rule as they appear in the specification.
      specs.each { |spec|
        spec.elements.each("/Specification/Sudoers/UserPrivilege") { |priv|
          contents << "%-16s" % priv.attributes["User"]
          contents << " ALL = "
          contents << "(#{priv.attributes["Runas"]}) " if priv.attributes["Runas"]
          # Password defaults to "false": the rule is NOPASSWD unless Password="true".
          pwd = (priv.attributes["Password"] || "false").downcase() == "true"
          contents << (pwd ? " " : "NOPASSWD: ")
          contents << "#{priv.text().strip()} \n"
        }
      }
      return(contents.join(""))
    end
.generate(specs) ⇒ Object
Writes the sudoers file after testing it with visudo
    # File 'lib/promotion/generator/sudoers.rb', line 6

    def self.generate(specs)
      sym = "Sudoers"
      begin
        # Preserved hand-edited section, then the marker, then the generated section.
        originalContents = Promotion::Generator::original_contents_for(sym)
        newContents = originalContents + Marker + "\n" + contents(specs)
        tempFilename = Promotion::Generator::write_file_for(sym, newContents, true)
        $log.info("Checking temporary sudoers written to #{tempFilename}.")
        # visudo -c checks syntax only; the real file is written only if it reports "parsed OK".
        visudoResults = `#{Files::Visudo} -c -f #{tempFilename}`
        if visudoResults =~ /parsed OK/
          $log.info("visudo confirms that sudoers syntax is correct.")
        else
          $log.error(visudoResults)
          raise
        end
        Promotion::Generator::write_file_for("Sudoers", newContents)
        FileUtils.rm_f(tempFilename)
      rescue => e
        $log.error("Error occurred while generating sudoers\n#{e.message}" + e.backtrace.join("\n"))
        exit 1
      end
    end
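.contents copies the User, Runas and Password attributes and the element text into the rule unchanged, and the visudo -c check in .generate validates syntax only, not what the rules grant. The following is an added example, not code from the promotion project, that validates those four values before rendering a rule; `render_rule`, `InvalidPrivilege`, both patterns, and the policy of requiring a password unless Password="false" is explicit are assumptions.

```ruby
# Added example; not code from lib/promotion/generator/sudoers.rb.
# InvalidPrivilege, PRINCIPAL_RE, COMMAND_RE and render_rule are hypothetical names.

class InvalidPrivilege < StandardError; end

# Login name or %group. \A and \z anchor the whole string; in Ruby, ^ and $
# anchor each line, so a multi-line value could pass a ^...$ pattern.
PRINCIPAL_RE = /\A%?[a-z_][a-z0-9_-]{0,30}\z/
# Absolute path plus optional plain arguments. Sudoers metacharacters
# (',' ':' '=' '#' '!' '\' and wildcards) and newlines are not in the set.
COMMAND_RE = %r{\A/[A-Za-z0-9_./-]+(?: [A-Za-z0-9_./@+-]+)*\z}

# Takes the values .contents reads from a UserPrivilege element:
# the User, Runas and Password attributes and the element text.
def render_rule(user:, commands:, runas: nil, password: nil)
  unless user.to_s.match?(PRINCIPAL_RE)
    raise InvalidPrivilege, "User #{user.inspect} is not a login or %group name"
  end
  unless runas.nil? || runas.match?(PRINCIPAL_RE)
    raise InvalidPrivilege, "Runas #{runas.inspect} is not a login or %group name"
  end
  # Assumed stricter default: NOPASSWD only when Password="false" is explicit.
  tag = case password&.downcase
        when nil, "true" then ""
        when "false"     then "NOPASSWD: "
        else raise InvalidPrivilege, "Password must be true or false"
        end
  # The element text may hold a comma-separated list; check each command alone.
  cmds = commands.to_s.split(",", -1).map(&:strip)
  raise InvalidPrivilege, "no commands given" if cmds.empty?
  cmds.each do |cmd|
    raise InvalidPrivilege, "command #{cmd.inspect} rejected" unless cmd.match?(COMMAND_RE)
  end
  line = format("%-16s ALL = ", user)
  line << "(#{runas}) " if runas
  line << tag << cmds.join(", ") << "\n"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not taken from a real specification.
  puts render_rule(user: "deploy", runas: "www", password: "false",
                   commands: "/usr/sbin/rcctl restart httpd")
end
```

Because COMMAND_RE requires an absolute path, a command text of ALL is rejected as well; that is a policy choice of this example, not a sudoers restriction.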