Modify group(%admin) with username in sudoers file

smilemukul · 05-31-2012, 09:17 AM

Hi,

How can I transform/modify group(%admin) in sudoers file where users are added in the admin group as "%admin ALL=(ALL) ALL" but I want to relect with user name on thome the system belongs which should fetch username from a file or database.

Is there any bash script or other to process the same through puppet ?

Any solution will be appreciated.

Snark1994 · 05-31-2012, 09:25 AM

Quote:

Originally Posted by smilemukul

I want to relect with user name on thome the system belongs which should fetch username from a file or database.

I'm not entirely clear on what exactly you want to be able to do... Could you clarify it?

smilemukul · 05-31-2012, 09:49 AM

Actually I have a list of username from my domain where users are added in %admin group as specified in /etc/sudoers file but I want to specify username instead of %admin for all the users which are in the list according to the owner of the system such as,

File (list of users):-
David
Mapple
---------------

so want to replace %admin ALL=(ALL) ALL with David ALL=(ALL) ALL <--- System Owner is David
Mapple ALL=(ALL) ALL <--- System Owner is Mapple

Snark1994 · 06-01-2012, 07:12 AM

And why are you wanting to do that? The 'admin' group is much more convenient and flexible in general...

However, if you wanted to systematically replace '%admin' then the following should help:

Code:

name='Mapple'
cp /etc/sudoers{,.bak}
chmod +w /etc/sudoers
sed "s/^%admin\( ALL=(ALL) ALL\)/${name}\1/" /etc/sudoers.bak > /etc/sudoers
chmod -w /etc/sudoers

I'm still not 100% sure on exactly what you want to achieve, but if you were to SSH to each machine and execute this code with the appropriate value for 'name' as root, then it would do what I think you want to do.

Needless to say, MAKE A BACKUP before doing ANYTHING with the /etc/sudoers file without using the visudo command. Or else.

smilemukul · 06-08-2012, 02:11 AM

Actually I want to replace the username's in the /etc/sudoers from a list of users from a database & also the users list should be compared with the system's owners name means,

if system owner (David) = David (from users list from database)
then replace "David ALL=(ALL) ALL" in /etc/sudoers instead of "%admin ALL=(ALL) ALL"

Also the same I want to push through puppet.

I hope now it should be cleared.

acid_kewpie · 06-08-2012, 02:39 AM

OK, so you have an abstract (NON-POSIX) group list out there somewhere, and you want to use that list under puppet to customize the sudoers file on a range of systems?

So first up, don't. Stick with user groups, I expect there's some way to keep this simpler model.

But after that, if this really is what you're going to do (and TBH I can see why it's not so bad - you have to make some sort of arbitrary mapping at some point, so maybe this point is OK) what is the association between the system and the user? It seems like an extremely puppet based solution is pretty simple. First thought to use an external arbitrary text list is to use an extlookup - http://docs.puppetlabs.com/reference...html#extlookup within a simple template file, but plenty of other solutions are also out there. I like using puppet-dashboard for this finer detail of config, in which you could add all the nodes within dashboard and use external node processing in puppet to pull in these little scrappy bits of data which you can manage fairly painlessly through a web interface.