role_sudo.j2
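#!/bin/bash
# Setup for the sudoers update: choose the sudoers path for this platform and
# create a private scratch copy on which the edits are rehearsed before the
# live file is touched.

real_file=/etc/sudoers

# mktemp creates the file itself under an unpredictable name. Stop here if it
# cannot, instead of carrying on with an empty path.
tmp_file=$(mktemp /tmp/XXXXXXX) || exit 1

# The scratch file holds a copy of sudoers, and the BSD `sed -i .bk` calls
# further down leave a second copy beside it. Remove both on every exit path
# so that a failed run does not leave sudoers copies behind in /tmp.
trap 'rm -f -- "${tmp_file}" "${tmp_file}.bk"' EXIT

# FreeBSD keeps sudoers under /usr/local/etc. Match on the kernel name only:
# `uname -a` also prints the hostname, so a non-BSD host whose name merely
# contains "freebsd" would otherwise be sent down the BSD path.
if uname -s | grep -qi 'freebsd'; then
  isbsd="yes"
else
  isbsd="no"
fi
if [ "$isbsd" == "yes" ]; then
  real_file=/usr/local/etc/sudoers
fi

# Initial scratch copy of the live sudoers file.
cp -- "${real_file}" "${tmp_file}" || exit 1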
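#######################################
# Create or update one Cmnd_Alias line for every entry of the sudo_alias
# template variable; the entry named ALL is skipped.
# Globals:   isbsd (read)
# Arguments: $1 - sudoers file to edit in place
# Outputs:   nothing on stdout; on the BSD branch each sed call leaves (and
#            overwrites) a "<file>.bk" copy next to the edited file
# Returns:   status of the last grep/sed/append that ran
#
# An alias that already has a line is rewritten with sed; otherwise a new
# line is appended. BSD sed needs an explicit backup suffix for -i, hence
# the two sed variants.
#
# NOTE(review): the alias name and command list are pasted by the template
# engine straight into single-quoted sed programs and a double-quoted echo.
# A quote, `@`, `&`, backslash, `$`, backtick or newline inside a value
# changes what the shell or sed runs, and this script edits sudoers, so it
# presumably runs privileged. Nothing here validates or escapes the values;
# that has to happen where the template is rendered - confirm it does.
#######################################
add_cmd_alias() {
  local sudo_file=$1
  {% for sudo_name, sudo_cmd in sudo_alias.items %}
  {% if sudo_name != 'ALL' %}
  if grep -q '^Cmnd_Alias \<{{ sudo_name }}\>' "${sudo_file}" 2> /dev/null; then
    if [ "$isbsd" == "yes" ]; then
      sed -i .bk 's@^Cmnd_Alias \<{{ sudo_name }}\>.*@Cmnd_Alias {{ sudo_name }} = {{ sudo_cmd }}@g' "${sudo_file}"
    else
      sed -i 's@^Cmnd_Alias \<{{ sudo_name }}\>.*@Cmnd_Alias {{ sudo_name }} = {{ sudo_cmd }}@g' "${sudo_file}"
    fi
  else
    echo "Cmnd_Alias {{ sudo_name }} = {{ sudo_cmd }}" >> "${sudo_file}"
  fi
  {% endif %}
  {% endfor %}
}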
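#######################################
# Create or update one rule line for every entry of the sudo_user template
# variable, granting that user its command alias as root without a password.
# Globals:   isbsd (read)
# Arguments: $1 - sudoers file to edit in place
# Outputs:   nothing on stdout; on the BSD branch each sed call leaves (and
#            overwrites) a "<file>.bk" copy next to the edited file
# Returns:   status of the last grep/sed/append that ran
#
# Every rule written here is "(root) NOPASSWD:", so the alias given to a
# user is exactly what that account can run as root with no password prompt.
#
# The match requires whitespace after the user name. A word-boundary match
# (\>) on user "bob" would also hit a line starting "bob-admin" or
# "bob,alice", and the sed would then replace that other rule wholesale.
#
# NOTE(review): the user name is still used as a regular expression, so a
# "." in it matches any character. The user and alias values are also pasted
# unescaped into single-quoted sed programs and a double-quoted echo, so a
# quote, `@`, `&`, backslash, `$`, backtick or newline in a value changes
# what the shell or sed runs. Validation has to happen where the template
# is rendered - confirm it does.
#######################################
add_role_chosen() {
  local sudo_file=$1
  {% for user, alias in sudo_user.items %}
  if grep -q '^{{ user }}[[:space:]]' "${sudo_file}" 2> /dev/null; then
    if [ "$isbsd" == "yes" ]; then
      sed -i .bk 's@^{{ user }}[[:space:]].*@{{ user }} ALL = (root) NOPASSWD: {{ alias }}@g' "${sudo_file}"
    else
      sed -i 's@^{{ user }}[[:space:]].*@{{ user }} ALL = (root) NOPASSWD: {{ alias }}@g' "${sudo_file}"
    fi
  else
    echo "{{ user }} ALL = (root) NOPASSWD: {{ alias }}" >> "${sudo_file}"
  fi
  {% endfor %}
}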
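#######################################
# Validate a sudoers file without installing it.
# Arguments: $1 - path of the file to check
# Outputs:   whatever visudo prints about the file
# Returns:   visudo's exit status (0 when the file parses cleanly)
#######################################
check_syntax() {
  # -c is check-only mode and -f names the file to check. The path is quoted
  # so it reaches visudo as a single argument.
  /usr/sbin/visudo -c -f "$1"
}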
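# Apply the changes.
#   exit 1 - rehearsing the edits on the scratch copy failed
#   exit 2 - the scratch copy did not validate, or editing the live file failed
#   else   - status of the final visudo check on the live file
#
# The live file is edited by re-running the same edits on it, not by
# installing the validated scratch copy. A pre-edit snapshot is therefore
# taken and put back if the live edit or the final check fails, so a
# half-applied or unparsable sudoers is not left in place.
# NOTE(review): nothing here takes a lock on sudoers, so a concurrent editor
# can still interleave with these edits.

# 1. Rehearse on the scratch copy.
cp -- "$real_file" "$tmp_file" || exit 1
add_cmd_alias "$tmp_file" || exit 1
add_role_chosen "$tmp_file" || exit 1

# 2. The rehearsed result must parse before the live file is touched.
check_syntax "$tmp_file" || exit 2

# 3. Snapshot the live file. mktemp creates the snapshot privately and
#    cp -p carries over the mode and timestamps of sudoers.
rollback_file=$(mktemp /tmp/XXXXXXX) || exit 2
if ! cp -p -- "$real_file" "$rollback_file"; then
  rm -f -- "$rollback_file"
  exit 2
fi

# Put the snapshot back. cp writes into the existing sudoers file, so its
# owner and mode are kept. The snapshot is only deleted once it is restored.
restore_sudoers() {
  if ! cp -- "$rollback_file" "$real_file"; then
    printf 'could not restore %s; pre-edit copy kept at %s\n' \
      "$real_file" "$rollback_file" >&2
    return 1
  fi
  rm -f -- "$rollback_file"
}

# 4. Edit the live file.
if ! { add_cmd_alias "$real_file" && add_role_chosen "$real_file"; }; then
  restore_sudoers
  exit 2
fi
rm -f -- "$tmp_file" || {
  rm -f -- "$rollback_file"
  exit 2
}

# 5. Final check of the live file; roll back if it no longer parses.
check_syntax "$real_file"
rv=$?
if [ "$rv" -ne 0 ]; then
  restore_sudoers
else
  rm -f -- "$rollback_file"
fi
exit "$rv"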