Skip to content

Instantly share code, notes, and snippets.

View kabturek's full-sized avatar

Marcin Domański kabturek

17 followers · 20 following
View GitHub Profile
@kabturek
kabturek / ansible-sudo-command-limiting.md
Created February 1, 2017 11:25 — forked from nanobeep/ansible-sudo-command-limiting.md

(Note: I wrote this up quickly and without a lot of research, so there are probably inaccuracies. However, I wanted to put this out there in case it helps someone else hitting this issue. Github gists like this unfortunately don't have comment notifications, so if you want me to send me a comment, use my email matt@nanobeep.com and not the comments.)

Problem: Can't use sudo command-limiting in Ansible

The ability to limit sudo users to only be able to execute certain commands doesn't work with Ansible (without a workaround).

This isn't a problem if you're running Ansible as a super-user like root, but if you are allowing others to run Ansible on your systems in order to do things like application deploys, then you need a way to limit their access to the system for basic security.

For example, a line in /etc/sudoers like this:

@kabturek
kabturek / spec_addon_helper.rb
Created March 29, 2013 10:47
def setup_env(env, environments)
Rails.stub(:env).and_return(env)
Rails.env.stub("#{env}?".to_sym).and_return(true)
environments.map { |e| Rails.env.stub("#{e}?".to_sym).and_return(false) }
end
def stub_env(new_environment, environments = ["test", "development", "staging", "production"], &block)
original_environment = Rails.env
environments.delete(new_environment)
@kabturek
kabturek / _carpet_catalog_items_index.js.haml
Created September 18, 2012 09:58 — forked from brandon-beacher/_carpet_catalog_items_index.js.haml
:ruby
puts catalog_items.map { |catalog_item|
{ 'carpet_detail' => catalog_item.carpet_detail,
'carpet_style_colors_manufacturer_name' => catalog_item.carpet_style_colors_manufacturer_name,
'carpet_style_name' => catalog_item.carpet_style_name,
'scene7_source' => scene7_source(catalog_item.carpet_style_colors_scene7_image_id),
'scene7_source_product_large' => scene7_source(catalog_item.carpet_style_colors_scene7_image_id, 'product-large'),
'scene7_source_product_small' => scene7_source(catalog_item.carpet_style_colors_scene7_image_id, 'product-small'),
'scene7_source_room_scene' => scene7_source(catalog_item.carpet_scene7_room_scene_image_id) }
}.to_json
@kabturek
kabturek / google_bot_aware.rb
Created May 18, 2012 11:11 — forked from rchampourlier/google_bot_aware.rb
Rack middleware to make Rails deal correctly with GoogleBot's '*/*;q=0.6' Accept header
# This Rack middleware helps solving the issue with some Rails versions which do not accept
# a '*/*;q=0.6' and their variants 'Accept' request header. This header is particularly used
# by Google Bot, and if Rails doesn't like it, it will return a 500 or 406 error to Google Bot,
# which is not the best way to get your pages indexed.
#
# References:
# - http://stackoverflow.com/questions/8881756/googlebot-receiving-missing-template-error-for-an-existing-template
# - https://github.com/rails/rails/issues/4127
#
class GoogleBotAware
@kabturek
kabturek / run_tags.rb
Created November 16, 2011 21:55 — forked from tobias/run_tags.rb
A script for generating TAGS from a git hook.
#!/usr/bin/env ruby
#-*-ruby-*-
# A script to run ctags on all .rb files in a project. Can be run on
# the current dir, called from a git callback, or install itself as a
# git post-merge and post-commit callback.
CTAGS = '/opt/local/bin/ctags'
HOOKS = %w{ post-merge post-commit post-checkout }
HOOKS_DIR = '.git/hooks'
@kabturek
kabturek / gist:358673
Created April 7, 2010 08:46 — forked from bshaffer/gist:328103
<?php
/*
* Extended Doctrine Query class providing a few additional functions
* for wrapping your where clauses more efficiently
*/
class Doctrine_Query_Extra extends Doctrine_Query
{
protected $_startClause = false;
/**