Merge pull request #142 from IMBArator/policykit-settings
make AdminIdentity configureable per user
This commit is contained in:
commit
d80338d4a0
@ -55,6 +55,8 @@ users:
|
|||||||
- ALL=(otheruser) /usr/bin/script.sh
|
- ALL=(otheruser) /usr/bin/script.sh
|
||||||
sudo_defaults:
|
sudo_defaults:
|
||||||
- '!requiretty'
|
- '!requiretty'
|
||||||
|
# enable polkitadmin to make user an AdminIdentity for polkit
|
||||||
|
polkitadmin: True
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
remove_groups: False
|
remove_groups: False
|
||||||
prime_group:
|
prime_group:
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
{% set used_sudo = [] %}
|
{% set used_sudo = [] %}
|
||||||
{% set used_googleauth = [] %}
|
{% set used_googleauth = [] %}
|
||||||
{% set used_user_files = [] %}
|
{% set used_user_files = [] %}
|
||||||
|
{% set used_polkit = [] %}
|
||||||
|
|
||||||
{% for group, setting in salt['pillar.get']('groups', {}).items() %}
|
{% for group, setting in salt['pillar.get']('groups', {}).items() %}
|
||||||
{% if setting.absent is defined and setting.absent or setting.get('state', "present") == 'absent' %}
|
{% if setting.absent is defined and setting.absent or setting.get('state', "present") == 'absent' %}
|
||||||
@ -38,9 +39,12 @@ users_group_present_{{ group }}:
|
|||||||
{%- if salt['pillar.get']('users:' ~ name ~ ':user_files:enabled', False) %}
|
{%- if salt['pillar.get']('users:' ~ name ~ ':user_files:enabled', False) %}
|
||||||
{%- do used_user_files.append(1) %}
|
{%- do used_user_files.append(1) %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if user.get('polkitadmin', False) == True %}
|
||||||
|
{%- do used_polkit.append(1) %}
|
||||||
|
{%- endif %}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
{%- if used_sudo or used_googleauth or used_user_files %}
|
{%- if used_sudo or used_googleauth or used_user_files or used_polkit %}
|
||||||
include:
|
include:
|
||||||
{%- if used_sudo %}
|
{%- if used_sudo %}
|
||||||
- users.sudo
|
- users.sudo
|
||||||
@ -51,6 +55,9 @@ include:
|
|||||||
{%- if used_user_files %}
|
{%- if used_user_files %}
|
||||||
- users.user_files
|
- users.user_files
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if used_polkit %}
|
||||||
|
- users.polkit
|
||||||
|
{%- endif %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
{% for name, user in pillar.get('users', {}).items()
|
{% for name, user in pillar.get('users', {}).items()
|
||||||
|
@ -27,7 +27,9 @@
|
|||||||
'bash_package': 'bash',
|
'bash_package': 'bash',
|
||||||
'sudo_package': 'sudo',
|
'sudo_package': 'sudo',
|
||||||
'googleauth_package': 'libpam-google-authenticator',
|
'googleauth_package': 'libpam-google-authenticator',
|
||||||
},
|
'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
|
||||||
|
'polkit_defaults': 'unix-group:sudo;'
|
||||||
|
},
|
||||||
'Gentoo': {
|
'Gentoo': {
|
||||||
'sudoers_dir': '/etc/sudoers.d',
|
'sudoers_dir': '/etc/sudoers.d',
|
||||||
'sudoers_file': '/etc/sudoers',
|
'sudoers_file': '/etc/sudoers',
|
||||||
@ -82,6 +84,8 @@
|
|||||||
'bash_package': 'bash',
|
'bash_package': 'bash',
|
||||||
'sudo_package': 'sudo',
|
'sudo_package': 'sudo',
|
||||||
'googleauth_package': 'libpam-google-authenticator',
|
'googleauth_package': 'libpam-google-authenticator',
|
||||||
|
'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
|
||||||
|
'polkit_defaults': 'unix-group:sudo;'
|
||||||
},
|
},
|
||||||
}, merge=salt['pillar.get']('users-formula:lookup')),
|
}, merge=salt['pillar.get']('users-formula:lookup')),
|
||||||
base='users',
|
base='users',
|
||||||
|
31
users/polkit.sls
Normal file
31
users/polkit.sls
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
{% from "users/map.jinja" import users with context %}
|
||||||
|
{% set polkitusers = {} %}
|
||||||
|
{% set polkitusers = {'value': ''} %}
|
||||||
|
|
||||||
|
{% for name, user in pillar.get('users', {}).items() %}
|
||||||
|
{% if user.absent is not defined or not user.absent %}
|
||||||
|
{% if 'polkitadmin' in user and user['polkitadmin'] %}
|
||||||
|
{% do polkitusers.update({'value': polkitusers.value + 'unix-user:' + name + ';'}) %}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
{% if polkitusers.value != '' %}
|
||||||
|
users_{{ users.polkit_dir }}/99salt-users-formula.conf:
|
||||||
|
file.managed:
|
||||||
|
- replace: True
|
||||||
|
- onlyif: 'test -d {{ users.polkit_dir }}'
|
||||||
|
- name: {{ users.polkit_dir }}/99salt-users-formula.conf
|
||||||
|
- contents: |
|
||||||
|
########################################################################
|
||||||
|
# File managed by Salt (users-formula).
|
||||||
|
# Your changes will be overwritten.
|
||||||
|
########################################################################
|
||||||
|
#
|
||||||
|
[Configuration]
|
||||||
|
AdminIdentities={{ users.polkit_defaults }}{{ polkitusers.value }}
|
||||||
|
{% else %}
|
||||||
|
users_{{ users.polkit_dir }}/99salt-users-formula.conf_delete:
|
||||||
|
file.absent:
|
||||||
|
- name: {{ users.polkit_dir }}/99salt-users-formula.conf
|
||||||
|
{% endif %}
|
Loading…
Reference in New Issue
Block a user