Skip to content

Use same sudoers config for all distros #332

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
rsafonseca wants to merge 1 commit into from
Closed

Use same sudoers config for all distros #332

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions debian/rules
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,8 @@ override_dh_auto_install:

# nast hack for a couple of configuration files
mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-limits.conf $(DESTDIR)/$(SYSCONFDIR)/security/limits.d/
mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/$(PACKAGE)
chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/$(PACKAGE)

ln -s tomcat6-nonssl.conf $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/tomcat6.conf
ln -s server-nonssl.xml $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/server.xml
Expand Down
3 changes: 3 additions & 0 deletions packaging/centos63/cloud.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -225,6 +225,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/management
mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d

# Common
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts
Expand Down Expand Up @@ -297,6 +298,7 @@ install -D client/target/pythonlibs/jasypt-1.9.2.jar ${RPM_BUILD_ROOT}%{_datadir
install -D packaging/centos63/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator
install -D packaging/centos63/cloud-management.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-management
install -D packaging/centos63/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management
install -D server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
install -D packaging/centos63/tomcat.sh ${RPM_BUILD_ROOT}%{_initrddir}/tomcat.sh

chmod 770 ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/Catalina
Expand Down Expand Up @@ -536,6 +538,7 @@ fi
%dir %attr(0770,root,cloud) %{_localstatedir}/cache/%{name}/management/temp
%dir %attr(0770,root,cloud) %{_localstatedir}/log/%{name}/management
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-management
%config(noreplace) %{_sysconfdir}/sudoers.d/%{name}-management
%config(noreplace) %attr(0640,root,cloud) %{_sysconfdir}/%{name}/management/db.properties
%config(noreplace) %{_sysconfdir}/%{name}/management/log4j-cloud.xml
%config(noreplace) %{_sysconfdir}/%{name}/management/tomcat6-nonssl.conf
Expand Down
22 changes: 0 additions & 22 deletions packaging/centos7/cloud-management.sudoers
View file
Open in desktop

This file was deleted.

3 changes: 2 additions & 1 deletion packaging/centos7/cloud.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/management
mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d

# Common
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts
Expand Down Expand Up @@ -272,8 +273,8 @@ install -D client/target/pythonlibs/jasypt-1.9.2.jar ${RPM_BUILD_ROOT}%{_datadir

install -D packaging/centos7/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator
install -D packaging/centos7/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management
install -D server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
install -D packaging/centos7/cloud-management.service ${RPM_BUILD_ROOT}%{_unitdir}/%{name}-management.service
install -D packaging/centos7/cloud-management.sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
install -D packaging/centos7/cloud.limits ${RPM_BUILD_ROOT}%{_sysconfdir}/security/limits.d/cloud
touch ${RPM_BUILD_ROOT}%{_localstatedir}/run/%{name}-management.pid

Expand Down
8 changes: 0 additions & 8 deletions python/lib/cloudutils/configFileOps.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,11 +175,3 @@ def backup(self):
self.add_lines(oldLine, False)
else:
self.replace_lines(newLine, oldLine, False)

if __name__ == '__main__':
cfo = configFileOps("./sudoers")
#cloud ALL = NOPASSWD : ALL
cfo.addEntry("cloud ALL ", "NOPASSWD : ALL")
cfo.rmEntry("Defaults", "requiretty", " ")
#cfo.addEntry("zone", "test", " ")
cfo.save()
18 changes: 0 additions & 18 deletions python/lib/cloudutils/serviceConfig.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -721,24 +721,6 @@ def config(self):
def restore(self):
return True


class sudoersConfig(serviceCfgBase):
def __init__(self, syscfg):
super(sudoersConfig, self).__init__(syscfg)
self.serviceName = "sudoers"
def config(self):
try:
cfo = configFileOps("/etc/sudoers", self)
cfo.addEntry("cloud ALL ", "NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount, /usr/bin/keytool")
cfo.rmEntry("Defaults", "requiretty", " ")
cfo.save()
return True
except:
raise

def restore(self):
return True

class firewallConfigServer(firewallConfigBase):
def __init__(self, syscfg):
super(firewallConfigServer, self).__init__(syscfg)
Expand Down
6 changes: 2 additions & 4 deletions python/lib/cloudutils/syscfg.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,12 +206,10 @@ class sysConfigServerRedhat(sysConfigServer):
def __init__(self, glbEnv):
super(sysConfigServerRedhat, self).__init__(glbEnv)
self.svo = serviceOpsRedhat()
self.services = [sudoersConfig(self),
firewallConfigServer(self)]
self.services = [firewallConfigServer(self)]

class sysConfigServerUbuntu(sysConfigServer):
def __init__(self, glbEnv):
super(sysConfigServerUbuntu, self).__init__(glbEnv)
self.svo = serviceOpsUbuntu()
self.services = [sudoersConfig(self),
ubuntuFirewallConfigServer(self)]
self.services = [ubuntuFirewallConfigServer(self)]
5 changes: 4 additions & 1 deletion server/conf/cloudstack-sudoers.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,8 @@
# The CloudStack management server needs sudo permissions
# without a password.

@MSUSER@ ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount
Cmnd_Alias CLOUDSTACK = /bin/mkdir, /bin/mount, /bin/umount, /bin/cp, /bin/chmod, /usr/bin/keytool, /bin/keytool

Defaults:@MSUSER@ !requiretty

@MSUSER@ ALL=(root) NOPASSWD:CLOUDSTACK