kudos/sudo_controls
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Change options & fixes

Browse Source 
DO_SFTP_CHMOD=1 + fixes
This commit is contained in:
Patrick Van der Veken 2015-08-28 09:00:47 +02:00
commit 86f8d01dfe
3 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manage_sudo.conf
View File

@ -16,8 +16,8 @@ SUDO_TRANSFER_USER=""
# name of the OS group that should own the SUDO controls files # name of the OS group that should own the SUDO controls files
SUDO_OWNER_GROUP="sudoadmin" SUDO_OWNER_GROUP="sudoadmin"
# whether a 'chmod' needs to be executed after each sftp transfer [0=Yes; 1=No] # whether a 'chmod' needs to be executed after each sftp transfer [0=No; 1=Yes]
DO_SFTP_CHMOD=0 DO_SFTP_CHMOD=1
# extra arguments/options for the SFTP command # extra arguments/options for the SFTP command
SFTP_ARGS="-o StrictHostKeyChecking=no -o ConnectTimeout=10 -b - " SFTP_ARGS="-o StrictHostKeyChecking=no -o ConnectTimeout=10 -b - "

9
manage_sudo.sh
View File

@ -41,7 +41,8 @@
# @(#) 2015-08-26: added DO_SFTP_CHMOD configuration parameter to avoid # @(#) 2015-08-26: added DO_SFTP_CHMOD configuration parameter to avoid
# @(#) setstat failures with sftp_file() when remote file # @(#) setstat failures with sftp_file() when remote file
# @(#) permissions do not allow (VRF 1.2.1) [Patrick Van der Veken] # @(#) permissions do not allow (VRF 1.2.1) [Patrick Van der Veken]
# @(#) 2015-08-28: check_config() update (VRF 1.2.2) [Patrick Van der Veken] # @(#) 2015-08-27: smmall fix in sftp_file() (VRF 1.2.2) [Patrick Van der Veken]
# @(#) 2015-08-28: check_config() update (VRF 1.2.3) [Patrick Van der Veken]
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
# DO NOT CHANGE THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING! # DO NOT CHANGE THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING!
#****************************************************************************** #******************************************************************************
@ -55,7 +56,7 @@
# or LOCAL_CONFIG_FILE instead # or LOCAL_CONFIG_FILE instead
# define the V.R.F (version/release/fix) # define the V.R.F (version/release/fix)
MY_VRF="1.2.2" MY_VRF="1.2.3"
# name of the global configuration file (script) # name of the global configuration file (script)
GLOBAL_CONFIG_FILE="manage_sudo.conf" GLOBAL_CONFIG_FILE="manage_sudo.conf"
# name of the local configuration file (script) # name of the local configuration file (script)
@ -678,14 +679,14 @@ OLD_PWD=$(pwd) && cd ${TRANSFER_DIR}
# transfer, (possibly) chmod the file to/on the target server (keep STDERR) # transfer, (possibly) chmod the file to/on the target server (keep STDERR)
if (( DO_SFTP_CHMOD )) if (( DO_SFTP_CHMOD ))
then then
sftp ${SFTP_ARGS} ${SSH_TRANSFER_USER}@${TRANSFER_HOST} >/dev/null <<EOT sftp ${SFTP_ARGS} ${SUDO_TRANSFER_USER}@${TRANSFER_HOST} >/dev/null <<EOT
cd ${REMOTE_DIR} cd ${REMOTE_DIR}
put ${SOURCE_FILE} put ${SOURCE_FILE}
chmod ${TRANSFER_PERMS} ${SOURCE_FILE} chmod ${TRANSFER_PERMS} ${SOURCE_FILE}
EOT EOT
SFTP_RC=$? SFTP_RC=$?
else else
sftp ${SFTP_ARGS} ${SSH_TRANSFER_USER}@${TRANSFER_HOST} >/dev/null <<EOT sftp ${SFTP_ARGS} ${SUDO_TRANSFER_USER}@${TRANSFER_HOST} >/dev/null <<EOT
cd ${REMOTE_DIR} cd ${REMOTE_DIR}
put ${SOURCE_FILE} put ${SOURCE_FILE}
EOT EOT

5
update_sudo.pl
View File

@ -44,7 +44,7 @@ use File::Temp qw(tempfile);
# ------------------------- CONFIGURATION starts here ------------------------- # ------------------------- CONFIGURATION starts here -------------------------
# define the V.R.F (version/release/fix) # define the V.R.F (version/release/fix)
my $MY_VRF = "1.1.1"; my $MY_VRF = "1.1.2";
# name of global configuration file (no path, must be located in the script directory) # name of global configuration file (no path, must be located in the script directory)
my $global_config_file = "update_sudo.conf"; my $global_config_file = "update_sudo.conf";
# name of localized configuration file (no path, must be located in the script directory) # name of localized configuration file (no path, must be located in the script directory)
@ -55,7 +55,7 @@ my $selinux_context = "etc_t";
# initialize variables # initialize variables
my ($debug, $verbose, $preview, $global, $use_fqdn) = (0,0,0,0,0); my ($debug, $verbose, $preview, $global, $use_fqdn) = (0,0,0,0,0);
my (@config_files, $fragments_dir, $visudo_bin, $immutable_self_file, $immutable_self_cmd); my (@config_files, $fragments_dir, $visudo_bin, $immutable_self_file, $immutable_self_cmd);
my (%options, %aliases, %frags, @grants); my (%options, @uname, %aliases, %frags, @grants);
my ($os, $host, $hostname, $run_dir); my ($os, $host, $hostname, $run_dir);
my ($selinux_status, $selinux_context, $has_selinux) = ("","",0); my ($selinux_status, $selinux_context, $has_selinux) = ("","",0);
$|++; $|++;
@ -743,3 +743,4 @@ S< >Show version of the script.
@(#) 2015-02-02: VRF 1.0.3: changed 'basename' into 'fileparse' call to support fragment files with extensions [Patrick Van der Veken] @(#) 2015-02-02: VRF 1.0.3: changed 'basename' into 'fileparse' call to support fragment files with extensions [Patrick Van der Veken]
@(#) 2015-08-18: VRF 1.1.0: replace uname/hostname syscalls, now support for FQDN via $use_fqdn, other fixes [Patrick Van der Veken] @(#) 2015-08-18: VRF 1.1.0: replace uname/hostname syscalls, now support for FQDN via $use_fqdn, other fixes [Patrick Van der Veken]
@(#) 2015-08-26: VRF 1.1.1: small and not so small fixes [Patrick Van der Veken] @(#) 2015-08-26: VRF 1.1.1: small and not so small fixes [Patrick Van der Veken]
@(#) 2015-08-27: VRF 1.1.2: small fix [Patrick Van der Veken]