Test_sudoers


Augeas Tests

test_user

test test_user get "root @pbuilder +secre-taries @my\ admin\ group EXAMPLE\\\\cslack MY\ EX-AMPLE\ 9\\\\cslack\ group " = { "user" = "root" } { "user" = "@pbuilder" } { "user" = "+secre-taries" } { "user" = "@my\\ admin\\ group" } { "user" = "EXAMPLE\\\\cslack" } { "user" = "MY\\ EX-AMPLE\\ 9\\\\cslack\\ group" } let conf = " Host_Alias LOCALNET = 192.168.0.0/24, localhost # User alias specification User_Alias EXAMPLE_ADMINS = cslack, EXAMPLE\\\\cslack,\ EXAMPLE\\\\jmalstrom # Cmnd alias specification Cmnd_Alias \ DEBIAN_TOOLS \ = \ /usr/bin/apt-get,\ /usr/bin/auto-get, \ /usr/bin/dpkg, /usr/bin/dselect, /usr/sbin/dpkg-reconfigure \ : PBUILDER = /usr/sbin/pbuilder Cmnd_Alias ICAL = /bin/cat /home/rpinson/.kde/share/apps/korganizer/std.ics Defaults@LOCALNET !lecture, \ \t\t tty_tickets,!fqdn, !!env_reset Defaults !visiblepw Defaults:buildd env_keep+=\"APT_CONFIG DEBIAN_FRONTEND SHELL\" Defaults!PBUILDER env_keep+=\"HOME ARCH DIST DISTRIBUTION PDEBUILD_PBUILDER\" # User privilege specification root ALL=(ALL) ALL root ALL=(: ALL) ALL root ALL=(ALL :ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL, NOPASSWD : NOSETENV: \ DEBIAN_TOOLS %pbuilder LOCALNET = NOPASSWD: PBUILDER www-data +biglab=(rpinson)NOEXEC: ICAL \ : \ localhost = NOPASSWD: /usr/bin/

Sudoers.spec

(* Spec users can be aliases: an upper-case name in the user position is
   accepted and stored in a plain "user" node.
   NOTE(review): the tree does not mark the value as an alias, so a consumer
   auditing privileges has to resolve it against the User_Alias entries itself. *)
test Sudoers.spec get "APACHE_ADMIN ALL= ALL\n" =
  { "spec"
    { "user" = "APACHE_ADMIN" }
    { "host_group"
      { "host" = "ALL" }
      { "command" = "ALL" } } }

Spec users can be aliases

Sudoers.spec

(* Ticket #337: a period inside a user name ("user.one") must be accepted
   and kept verbatim in the "user" node. *)
test Sudoers.spec get "user.one somehost = ALL\n" =
  { "spec"
    { "user" = "user.one" }
    { "host_group"
      { "host" = "somehost" }
      { "command" = "ALL" } } }

Ticket #337: allow period in user names

Sudoers.spec

(* Ticket #370: an underscore inside a group name ("%sudo_users") must be
   accepted. The leading "%" stays part of the "user" value, and the "(ALL)"
   run-as list becomes a "runas_user" child of the command node. *)
test Sudoers.spec get "%sudo_users ALL=(ALL) ALL\n" =
  { "spec"
    { "user" = "%sudo_users" }
    { "host_group"
      { "host" = "ALL" }
      { "command" = "ALL"
        { "runas_user" = "ALL" } } } }

Ticket #370: allow underscore in group names

Sudoers.spec

(* Ticket #376: upper-case characters in a user/group name ("%GrOup") must be
   accepted and the case preserved. The input also has spaces around "=" and
   before "(ALL)"; the expected tree contains no node for them. *)
test Sudoers.spec get "%GrOup ALL = (ALL) ALL\n" =
  { "spec"
    { "user" = "%GrOup" }
    { "host_group"
      { "host" = "ALL" }
      { "command" = "ALL"
        { "runas_user" = "ALL" } } } }

Ticket #376: allow uppercase characters in user names

Sudoers.spec

(* A "+" inside a user/group name ("group+user") must be accepted and kept
   verbatim in the "user" node. *)
test Sudoers.spec get "group+user somehost = ALL\n" =
  { "spec"
    { "user" = "group+user" }
    { "host_group"
      { "host" = "somehost" }
      { "command" = "ALL" } } }

allow + in user-/groupnames

Sudoers.spec

(* GH #262: "!" in front of a command alias. Three "!" in the input yield a
   single "negate" child on the "BANNED" command node; the tree records that
   the entry is negated, not how many "!" were written.
   NOTE(review): this test covers an odd count only; behaviour for an even
   count of "!" is not shown here and should be confirmed separately.
   Audit caveat: sudoers(5) warns that subtracting commands from ALL with "!"
   is generally not an effective restriction. Tooling that reads this tree
   should report "ALL" followed by a negated command as a finding and prefer
   an explicit allow-list of commands. *)
test Sudoers.spec get "%opssudoers ALL=(ALL) ALL, !!!BANNED\n" =
  { "spec"
    { "user" = "%opssudoers" }
    { "host_group"
      { "host" = "ALL" }
      { "command" = "ALL"
        { "runas_user" = "ALL" } }
      { "command" = "BANNED"
        { "negate" } } } }

GH #262: Sudoers lens doesn’t support `!` for command aliases

Sudoers.spec

(* Multiple "!" in front of a command path: "!!!/bin/mount" is parsed as the
   command "/bin/mount" with a single "negate" child.
   NOTE(review): only an odd count of "!" is exercised; confirm separately how
   an even count is represented before relying on "negate" in an audit.
   Audit caveat: per sudoers(5), negating a path after "ALL" is generally not
   an effective restriction, so a rule of this shape should be reviewed as if
   it granted ALL. *)
test Sudoers.spec get "%opssudoers ALL=(ALL) ALL, !!!/bin/mount\n" =
  { "spec"
    { "user" = "%opssudoers" }
    { "host_group"
      { "host" = "ALL" }
      { "command" = "ALL"
        { "runas_user" = "ALL" } }
      { "command" = "/bin/mount"
        { "negate" } } } }

Handle multiple `!` properly in commands
