jumpserver/templates/jperm/role_sudo.j2


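#!/bin/bash
# Template for a script that updates the sudoers file. The template tags
# further down are expanded before the script runs; the rest is plain bash.
# Exit status: 1 if the backup or scratch copy cannot be prepared, 2 if the
# edited copy is rejected or cannot be applied, otherwise the status of the
# final syntax check.

real_file=/etc/sudoers

# Scratch copy used to rehearse and syntax-check the edits. mktemp picks an
# unpredictable name and creates the file with owner-only permissions.
tmp_file=$(mktemp /tmp/XXXXXXX) || exit 1
# The scratch file holds a copy of sudoers; remove it on every exit path.
trap 'rm -f -- "$tmp_file"' EXIT

# Backup sudoers file
# sudo_file and sudo_file_bak are not assigned anywhere before this point, so
# an unqualified expansion is empty and nothing gets backed up. Values
# supplied through the environment are still honoured; otherwise the real
# file is copied next to itself. -p keeps the restrictive mode and ownership.
cp -p -- "${sudo_file:-$real_file}" "${sudo_file_bak:-${real_file}.bak}" || exit 1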
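# Add Command Aliases
# For every rendered command alias, make sure the sudoers file given as $1
# has a definition line: an existing definition is rewritten in place,
# otherwise the definition is appended.
# Arguments: $1 - path of the sudoers file to edit
# Returns:   status of the last sed or append that ran
# NOTE(review): alias names and command lists are substituted verbatim into
# a sed pattern, a sed replacement and a double-quoted shell string. The
# rendering side must limit them to validated sudoers tokens; quotes, '@',
# '&', backslashes, '$' or regex metacharacters in a value change what this
# script runs or writes.
add_cmd_alias() {
  local sudo_file=$1
{% for sudo in sudo_alias %}
  # Anchor on the whole alias name followed by '='. A bare prefix match would
  # also hit a longer alias that starts with the same letters, and a loose
  # rewrite pattern would overwrite any alias line that merely mentions the
  # name, leaving duplicate definitions behind.
  if grep -q -- '^Cmnd_Alias[[:space:]][[:space:]]*{{ sudo.name }}[[:space:]]*=' "$sudo_file"; then
    sed -i -e 's@^Cmnd_Alias[[:space:]][[:space:]]*{{ sudo.name }}[[:space:]]*=.*@Cmnd_Alias {{ sudo.name }} = {{ sudo.commands }}@' -- "$sudo_file"
  else
    printf '%s\n' "Cmnd_Alias {{ sudo.name }} = {{ sudo.commands }}" >> "$sudo_file"
  fi
{% endfor %}
}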
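# Add Command Aliases to role
# For every rendered role, make sure the sudoers file given as $1 carries a
# rule granting that role its aliases on all hosts without a password: an
# existing rule for the role is rewritten in place, otherwise one is appended.
# Arguments: $1 - path of the sudoers file to edit
# Returns:   status of the last sed or append that ran
# NOTE(review): role and alias values are substituted verbatim into a sed
# pattern, a sed replacement and a double-quoted shell string. The rendering
# side must limit them to validated account and alias names before this
# template is rendered.
add_role_chosen() {
  local sudo_file=$1
{% for role, alias in role_chosen_aliase.items %}
  # Require whitespace after the role name. Matching on the bare prefix
  # would also rewrite the rule of any other account whose name merely
  # starts with this role's name.
  if grep -q -- '^{{ role }}[[:space:]]' "$sudo_file"; then
    sed -i -e 's@^{{ role }}[[:space:]].*@{{ role }} ALL = NOPASSWD: {{ alias }}@' -- "$sudo_file"
  else
    printf '%s\n' "{{ role }} ALL = NOPASSWD: {{ alias }}" >> "$sudo_file"
  fi
{% endfor %}
}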
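# Validate a sudoers file without installing it.
# Arguments: $1 - path of the file to check
# Returns:   the exit status of visudo's check-only run
check_syntax() {
  # Quoted so a path containing whitespace or glob characters reaches visudo
  # as a single argument.
  visudo -c -f "$1"
}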
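# Rehearse the edits on the scratch copy; exit 1 if it cannot be prepared.
# Copying onto the file mktemp already created keeps its owner-only mode.
cp -- "$real_file" "$tmp_file" || exit 1
add_cmd_alias "$tmp_file" || exit 1
add_role_chosen "$tmp_file" || exit 1

# Install only the copy visudo accepted, instead of repeating the edits on
# the live file. The bytes that were validated are then exactly the bytes
# sudo will read, and a failure part-way through the edits cannot leave the
# live file half-updated. Copying onto the existing file keeps its owner and
# mode. Exit 2 if validation or installation fails.
check_syntax "$tmp_file" || exit 2
cp -- "$tmp_file" "$real_file" || exit 2
rm -f -- "$tmp_file"

# Final verification of the live file; its status is the script's status.
check_syntax "$real_file"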