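###############################################################
#                                                             #
# This file is managed by puppet. Any changes you make        #
# will be overwritten. If you need to make changes to this    #
# file please submit a ticket to the DevOps group.            #
#                                                             #
###############################################################
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
# NOTE(review): this is an ERB template, so the rendered result is what sudo
# parses. Check the rendered file with `visudo -c -f <rendered file>` before it
# is installed; a syntax error in sudoers makes sudo refuse to run.
#

# Start every command from a reset, minimal environment.
Defaults env_reset
# Send mail when a user enters a wrong password.
Defaults mail_badpass
# PATH used for commands run through sudo, in place of the caller's PATH.
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

## Allow people in the AD group Linux-sudo-access to run all commands.
## The first rule requires a password. The second rule matches later, so it
## takes precedence when the target user is in APPUSERS (the Runas_Alias
## defined below) and no password is asked for those targets.
%Linux-sudo-access ALL=(ALL) ALL
%Linux-sudo-access ALL=(APPUSERS) NOPASSWD: ALL

## Allow developers access to the shared environment users.
## The hostname test is an unanchored regex: it is true for any hostname that
## contains "ps-migration-db" or "ps-pmigration-db". On those hosts the
## migration account is added to APPUSERS.
<% if @hostname =~ /ps-[p]?migration-db/ -%>
Runas_Alias APPUSERS = dev,test,stage,prod,worker,gitlab-runner,migration
<% else -%>
Runas_Alias APPUSERS = dev,test,stage,prod,worker,gitlab-runner
<% end -%>
## NOTE(review): every member of Linux-access can run any command as any
## APPUSERS account, including prod and gitlab-runner, without a password.
## Access to those accounts is therefore governed by AD group membership
## alone; confirm that membership is reviewed and that sudo logging is kept.
%Linux-access ALL=(APPUSERS) NOPASSWD: ALL

## Allows the devops user to deploy. This isn't used normally but is set up
## just in case we have an issue with AD and need to deploy with a local user.
devops ALL=(APPUSERS) NOPASSWD: ALL

<% if @hostname =~ /ps-[p]?migration-db/ -%>
## Allows migration user to kick off script used for managing the migration env DBs.
## NOTE(review): this rule runs a script from a user's home directory as root
## without a password. The script and every directory on its path should be
## owned by root and writable by root only; otherwise whoever can modify them
## controls what runs as root. The rule lists no arguments, so sudo permits
## any arguments; confirm the script handles them safely.
## On these hosts migration is also in APPUSERS, so Linux-sudo-access,
## Linux-access and devops can all reach this rule through that account.
migration ALL=(root) NOPASSWD: /home/devops/scripts/migration_test.sh
<% end -%>

# See sudoers(5) for more information on "#include" directives.
# The line below is an active directive, not a comment: sudo also reads the
# files in /etc/sudoers.d. Those files grant privileges in the same way as
# this one and should be writable by root only.
#includedir /etc/sudoers.d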