[Lsb-messages] /var/www/bzr/lsb/devel/puppet-lsb r440: Strip 'osuadmin' from default OpenSuSE sudoers.

Jeff Licquia licquia at linuxfoundation.org
Wed Apr 10 16:15:05 UTC 2013


------------------------------------------------------------
revno: 440
committer: Jeff Licquia <licquia at linuxfoundation.org>
branch nick: puppet-lsb
timestamp: Wed 2013-04-10 12:15:05 -0400
message:
  Strip 'osuadmin' from default OpenSuSE sudoers.
  
  Also, create a custom sudoers for lfdev-test-power64.  This way,
  the OSUOSL admins won't be given root on every OpenSuSE box we set up.
added:
  modules/sudo/files/sudoers/lfdev-test-power64.osuosl.org
modified:
  modules/sudo/files/sudoers/default-opensuse
-------------- next part --------------
=== modified file 'modules/sudo/files/sudoers/default-opensuse'
--- a/modules/sudo/files/sudoers/default-opensuse	2013-04-10 16:09:11 +0000
+++ b/modules/sudo/files/sudoers/default-opensuse	2013-04-10 16:15:05 +0000
@@ -69,7 +69,6 @@
 ## User privilege specification
 ##
 root ALL=(ALL) ALL
-osuadmin ALL=(ALL) ALL
 
 ## Uncomment to allow members of group wheel to execute any command
 # %wheel ALL=(ALL) ALL

=== added file 'modules/sudo/files/sudoers/lfdev-test-power64.osuosl.org'
--- a/modules/sudo/files/sudoers/lfdev-test-power64.osuosl.org	1970-01-01 00:00:00 +0000
+++ b/modules/sudo/files/sudoers/lfdev-test-power64.osuosl.org	2013-04-10 16:15:05 +0000
@@ -0,0 +1,82 @@
+## sudoers file.
+##
+## This file MUST be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+##
+
+##
+## Host alias specification
+##
+## Groups of machines. These may include host names (optionally with wildcards),
+## IP addresses, network numbers or netgroups.
+# Host_Alias	WEBSERVERS = www1, www2, www3
+
+##
+## User alias specification
+##
+## Groups of users.  These may consist of user names, uids, Unix groups,
+## or netgroups.
+# User_Alias	ADMINS = millert, dowdy, mikef
+
+##
+## Cmnd alias specification
+##
+## Groups of commands.  Often used to group related commands together.
+# Cmnd_Alias	PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
+# 			    /usr/bin/pkill, /usr/bin/top
+
+##
+## Defaults specification
+##
+## Prevent environment variables from influencing programs in an
+## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
+Defaults always_set_home
+Defaults env_reset
+## Change env_reset to !env_reset in previous line to keep all environment variables
+## Following list will no longer be necessary after this change
+
+Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
+## Comment out the preceding line and uncomment the following one if you need
+## to use special input methods. This may allow users to compromise  the root
+## account if they are allowed to run commands without authentication.
+#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
+
+## Do not insult users when they enter an incorrect password.
+Defaults !insults
+
+##
+## Uncomment to enable logging of a command's output, except for
+## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
+# Defaults log_output
+# Defaults!/usr/bin/sudoreplay !log_output
+# Defaults!/sbin/reboot !log_output
+
+## In the default (unconfigured) configuration, sudo asks for the root password.
+## This allows use of an ordinary user account for administration of a freshly
+## installed system. When configuring sudo, delete the two
+## following lines:
+Defaults targetpw   # ask for the password of the target user i.e. root
+ALL	ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
+
+##
+## Runas alias specification
+##
+
+##
+## User privilege specification
+##
+root ALL=(ALL) ALL
+osuadmin ALL=(ALL) ALL
+
+## Uncomment to allow members of group wheel to execute any command
+# %wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+## Read drop-in files from /etc/sudoers.d
+## (the '#' here does not indicate a comment)
+#includedir /etc/sudoers.d



More information about the lsb-messages mailing list