Last active
December 16, 2015 09:08
-
-
Save calvinchengx/5410560 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def show_sudo_users_and_groups(ug, nopasswd): | |
""" | |
Helper function that prints out users and groups with sudo (or no passwd sudo) rights. | |
""" | |
ug_users = [] | |
ug_groups = [] | |
nopasswd_string = "" | |
if nopasswd: | |
nopasswd_string = "no password " | |
if not ug: | |
print(red("There are no users or groups with {0}sudo rights.".format(nopasswd_string))) | |
return ug_users, ug_groups | |
for item in ug: | |
if item[0] == "%": | |
ug_groups.append(item[1:]) | |
else: | |
ug_users.append(item) | |
if ug_users: | |
print(green("Users with {0}sudo rights:".format(nopasswd_string))) | |
print(cyan(ug_users)) | |
else: | |
print(red("No users with {0}sudo rights".format(nopasswd_string))) | |
if ug_groups: | |
print(green("Groups with {0}sudo rights:".format(nopasswd_string))) | |
print(cyan(ug_groups)) | |
else: | |
print(red("No groups with {0}sudo rights".format(nopasswd_string))) | |
print("\n") # just formatting | |
return ug_users, ug_groups | |
@task | |
@set_target_env | |
def sudo_users_and_groups(nopasswd=False): | |
""" | |
Usage: `fab -R dev server.sudo_users_and_groups:nopasswd`. nopasswd(optional)=True/False. | |
""" | |
env.user = "root" | |
nopasswd_string = "" | |
nopasswd_string2 = "" | |
if nopasswd: | |
nopasswd_string = "NOPASSWD: " | |
nopasswd_string2 = "no password " | |
print(magenta("Retrieving users and groups with {0}sudo rights".format(nopasswd_string2))) | |
ug = run(""" | |
line="ALL=(ALL) {0}ALL"; | |
result=$(grep -v "#" /etc/sudoers | grep '{0}ALL$' | sed "s/$line//g"); | |
echo $result; | |
""".format(nopasswd_string)).split() | |
return show_sudo_users_and_groups(ug, nopasswd) | |
# Example usage and results | |
calvin % fab -R all server.sudo_users_and_groups | |
Retrieving users and groups with sudo rights | |
[node1.mysite.com] run: | |
line="ALL=(ALL) ALL"; | |
result=$(grep -v "#" /etc/sudoers | grep 'ALL$' | sed "s/$line//g"); | |
echo $result; | |
[node1.mysite.com] out: root %wheel %sudo | |
[node1.mysite.com] out: | |
Users with sudo rights: | |
['root'] | |
Groups with sudo rights: | |
['wheel', 'sudo'] | |
[node2.mysite.com] Executing task 'server.sudo_users_and_groups' | |
Retrieving users and groups with sudo rights | |
[node2.mysite.com] run: | |
line="ALL=(ALL) ALL"; | |
result=$(grep -v "#" /etc/sudoers | grep 'ALL$' | sed "s/$line//g"); | |
echo $result; | |
[node2.mysite.com] out: root %wheel %sudo | |
[node2.mysite.com] out: | |
Users with sudo rights: | |
['root'] | |
Groups with sudo rights: | |
['wheel', 'sudo'] | |
[node3.mysite.com] Executing task 'server.sudo_users_and_groups' | |
Retrieving users and groups with sudo rights | |
[node3.mysite.com] run: | |
line="ALL=(ALL) ALL"; | |
result=$(grep -v "#" /etc/sudoers | grep 'ALL$' | sed "s/$line//g"); | |
echo $result; | |
[node3.mysite.com] out: root | |
[node3.mysite.com] out: | |
Users with sudo rights: | |
['root'] | |
No groups with sudo rights | |
Done. | |
Disconnecting from node1.mysite.com... done. | |
Disconnecting from node2.mysite.com... done. | |
Disconnecting from node3.mysite.com... done. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment