Is there any way we can avoid having chmod in /etc/sudoers file?
This line in sudoers file makes me very uncomfortable
https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a
723
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l723>
724
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l724>
class sudoersConfig(serviceCfgBase):
725
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l725>
def __init__(self, syscfg):
726
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l726>
super(sudoersConfig, self).__init__(syscfg)
727
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l727>
self.serviceName = "sudoers"
728
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l728>
def config(self):
729
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l729>
try:
730
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l730>
cfo = configFileOps("/etc/sudoers", self)
731
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l731>
cfo.addEntry("cloud ALL ", "NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount")
732
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l732>
cfo.rmEntry("Defaults", "requiretty", " ")
733
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l733>
cfo.save()
734
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l734>
return True
735
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l735>
except:
736
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l736>
raise
737
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l737>
738
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l738>
def restore(self):
739
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l739>
return True
740
<https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob;f=python/lib/cloudutils/serviceConfig.py;hb=a10a9d522c56f707a9674f1486f58697e8c5206a#l740>
Can this be avoided?
- sudo chmod - bad practice ilya musayev
-
