af9ed19d6b
* Added support for nested aliases: up to 5 levels deep instead of just one level * Added --resolve-alias/--alias command-line parameter to manually check the resolution any alias * Fixed propagation of --debug flag (to clients & slaves) * Fixed propagation of --create-dir flag (to clients & slaves) * Fixed problem in --fix-local routine (by adding optional --fix-user command-line parameter and code) * Fixed check when adding key to ssh-agent * Added checking on alias resolution in --check-syntax routine * Better trap setting * Added typeset-ing to vars * Switched version numbering (now date based) * Code cleanup (now error & warning free in shellcheck/perlcritic linters)
71 lines
2.4 KiB
Plaintext
71 lines
2.4 KiB
Plaintext
#******************************************************************************
|
|
# manage_sudo.sh configuration file
|
|
#******************************************************************************
|
|
#
|
|
# Lines starting with '#' (hash) are comment lines
|
|
#
|
|
# Format: option=<value>
|
|
#
|
|
# Use double or single quotes around the option values in case of strings.
|
|
#
|
|
|
|
# name of the user account performing the SUDO controls copies
|
|
# (leave blank for current user)
|
|
SUDO_TRANSFER_USER=""
|
|
|
|
# name of the UNIX group that should own the SUDO controls files (must exist already)
|
|
SUDO_OWNER_GROUP="sudoadmin"
|
|
|
|
# whether a 'chmod' needs to be executed after each sftp transfer [0=No; 1=Yes]
|
|
DO_SFTP_CHMOD=1
|
|
|
|
# extra arguments/options for the SFTP command
|
|
SFTP_ARGS="-o StrictHostKeyChecking=no -o ConnectTimeout=10 -b - "
|
|
|
|
# extra arguments/options for the SSH command
|
|
SSH_ARGS="-o StrictHostKeyChecking=no -o ConnectTimeout=10 -n"
|
|
|
|
# location of the local SUDO controls directory
|
|
LOCAL_DIR="/etc/sudo_master"
|
|
|
|
# location of the remote SUDO controls directory
|
|
REMOTE_DIR="/etc/sudo_controls/holding"
|
|
|
|
# name of the user account performing the SUDO controls update
|
|
# (leave blank for current user running script)
|
|
# user should have remote sudo root privs (except when using user 'root')
|
|
SUDO_UPDATE_USER=""
|
|
|
|
# options to pass to update_sudo.pl when executing a key update
|
|
SUDO_UPDATE_OPTS="--verbose"
|
|
|
|
# path to the visudo tool
|
|
VISUDO_BIN="/usr/sbin/visudo"
|
|
|
|
# path to the ssh-keyscan too
|
|
SSH_KEYSCAN_BIN="/usr/bin/ssh-keyscan"
|
|
|
|
# extra arguments/options for the ssh-keyscan command
|
|
# by default -f <file> is used by manage_sudo.sh to supply hostnames, do not add here
|
|
SSH_KEYSCAN_ARGS="-t rsa"
|
|
|
|
# whether to start an SSH agent process for the master->client operations [0=No; 1=Yes]
|
|
DO_SSH_AGENT=0
|
|
|
|
# location of the SSH private key that should be added to the SSH agent process
|
|
# must be a passphrase-less key (required when using DO_SSH_AGENT)
|
|
SSH_PRIVATE_KEY="$HOME/.ssh/id_rsa"
|
|
|
|
# maximum number of background process to spawn (~maxuprc, ~nstrpty etc)
|
|
MAX_BACKGROUND_PROCS=30
|
|
|
|
# location of the backup directory (for configuration & key files)
|
|
BACKUP_DIR="${LOCAL_DIR}/backup"
|
|
|
|
# location of log directory (default), see --log-dir)
|
|
LOG_DIR="/var/log"
|
|
|
|
#******************************************************************************
|
|
# End of FILE
|
|
#******************************************************************************
|