Jérémy Dubois
78686b8730
Fix #34 again After some discussions, with actually need two separates groups : - One group for ssh access (evobsd_ssh_group) - One group for sudo/doas access (evobsd_sudo_group) We won't need any client group. A client user will be added to the ssh group, so that we won't have to think about what specific group a user need to be added in.
18 lines
1.2 KiB
Django/Jinja
18 lines
1.2 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
permit setenv {SSH_AUTH_SOCK SSH_TTY PKG_PATH HOME=/root ENV=/root/.profile} :{{ evobsd_sudo_group }}
|
|
permit nopass root
|
|
permit setenv {ENV PS1 SSH_AUTH_SOCK SSH_TTY} nopass :{{ evobsd_sudo_group }} as root cmd /usr/share/scripts/evomaintenance.sh
|
|
permit nopass _collectd as root cmd /bin/cat
|
|
permit nopass _collectd as root cmd /usr/sbin/bgpctl
|
|
permit nopass _nrpe as root cmd /sbin/bioctl args sd2
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/check_mailq
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/check_dhcp
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl.sh
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospfd
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ospf6d
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openbgpd
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_pf_states
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_connections_state.sh
|
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|