Should we really use chef to manage the sudoers file?

Posted by 蹲街弑〆低调 on 2019-12-06 02:32:50

Chef has a feature to help with this: verifiers. You can set up the verifier on your sudoers template like this:

template '/etc/sudoers' do
  source 'whatever.erb'
  # %{path} is replaced with the rendered temp file; a non-zero exit aborts the converge
  verify 'visudo -c -f %{path}'
end

If visudo rejects the syntax, the tempfile will never get put in place and the converge will fail. Granted, this doesn't help if you have a syntactically valid but useless sudoers. You might consider using the /etc/sudoers.d structure as that keeps each bit at least somewhat separated and harder to accidentally whammy yourself.
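
The verify-then-place behaviour described above, written out in plain Ruby as an added example (not code from the answer or from Chef). `install_verified` is a hypothetical helper, and the drop-in name check reflects sudo's rule that files in an included directory are skipped when their name contains a dot or ends in `~`.

```ruby
require 'tempfile'
require 'fileutils'
require 'shellwords'

# Hypothetical helper (not a Chef API): stage the content in a temp file, run
# the verifier against it, and rename it into place only if the verifier exits 0.
def install_verified(dest, content, verify: 'visudo -c -f %{path}')
  name = File.basename(dest)
  # sudo skips drop-ins whose names contain '.' or end in '~', so a file like
  # "deploy.conf" would pass visudo and still never take effect.
  if File.basename(File.dirname(dest)) == 'sudoers.d' && name =~ /\.|~\z/
    raise ArgumentError, "sudo would ignore drop-in name #{name.inspect}"
  end

  # Stage next to dest so the rename is atomic; the leading '.' in the staged
  # name also means sudo never parses the unverified file.
  tmp = Tempfile.create(['.stage-', ''], File.dirname(dest))
  begin
    tmp.write(content)
    tmp.close
    File.chmod(0o440, tmp.path) # read-only mode conventionally used for sudoers files
    cmd = format(verify, path: Shellwords.escape(tmp.path))
    # system returns false on non-zero exit and nil if the verifier is missing:
    # both cases fail closed and leave dest as it was.
    unless system(cmd, out: File::NULL, err: File::NULL)
      raise "verification failed, #{dest} left untouched: #{cmd}"
    end
    File.rename(tmp.path, dest)
  ensure
    FileUtils.rm_f(tmp.path) # no-op after a successful rename
  end
  dest
end
```

Like the Chef verifier, this only proves the file parses; it says nothing about whether the rules in it are the ones you meant to grant.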
