73 lines
2.4 KiB
Plaintext
73 lines
2.4 KiB
Plaintext
#******************************************************************************
|
|
# manage_sudo.sh configuration file
|
|
#******************************************************************************
|
|
#
|
|
# Lines starting with '#' (hash) are comment lines
|
|
#
|
|
# Format: option=<value>
|
|
#
|
|
# Use double or single quotes around the option values in case of strings.
|
|
#
|
|
|
|
# name of the user account performing the SUDO controls copies
|
|
# (leave blank for current user)
|
|
SUDO_TRANSFER_USER=""
|
|
|
|
# name of the OS group that should own the SUDO controls files
|
|
SUDO_OWNER_GROUP="sudoadmin"
|
|
|
|
# whether a 'chmod' needs to be executed after each sftp transfer [0=No; 1=Yes]
|
|
DO_SFTP_CHMOD=1
|
|
|
|
# extra arguments/options for the SFTP command
|
|
SFTP_ARGS="-o StrictHostKeyChecking=no -o ConnectTimeout=10 -b - "
|
|
|
|
# extra arguments/options for the SSH command
|
|
SSH_ARGS="-o StrictHostKeyChecking=no -o ConnectTimeout=10 -n"
|
|
|
|
# location of the local SUDO controls directory
|
|
LOCAL_DIR="/etc/sudo_master"
|
|
|
|
# location of the remote SUDO controls directory
|
|
REMOTE_DIR="/etc/sudo_controls/holding"
|
|
|
|
# name of the user account performing the SUDO controls update
|
|
# (leave blank for current user but user should have remote sudo root privs)
|
|
SUDO_UPDATE_USER=""
|
|
|
|
# options to pass to update_sudo.pl when executing a key update
|
|
SUDO_UPDATE_OPTS="--verbose"
|
|
|
|
# path to the visudo tool
|
|
VISUDO_BIN="/usr/sbin/visudo"
|
|
|
|
# path to the ssh-keyscan too
|
|
SSH_KEYSCAN_BIN="/usr/bin/ssh-keyscan"
|
|
|
|
# extra arguments/options for the ssh-keyscan command
|
|
# by default -f <file> is used by manage_sudo.sh to supply hostnames, do not add here
|
|
SSH_KEYSCAN_ARGS="-t rsa"
|
|
|
|
# whether to start an SSH agent process for the master->client operations [0=No; 1=Yes]
|
|
DO_SSH_AGENT=0
|
|
|
|
# whether to start an SSH agent process for the master->slave->client operations [0=No; 1=Yes]
|
|
DO_SSH_SLAVE_AGENT=0
|
|
|
|
# location of the SSH private key that should be added to the SSH agent process
|
|
# must be a passphrase-less key (required when using DO_SSH_AGENT, DO_SSH_SLAVE_AGENT)
|
|
SSH_PRIVATE_KEY="$HOME/.ssh/id_rsa"
|
|
|
|
# maximum number of background process to spawn (~maxuprc, ~nstrpty etc)
|
|
MAX_BACKGROUND_PROCS=30
|
|
|
|
# location of the backup directory (for configuration & key files)
|
|
BACKUP_DIR="${LOCAL_DIR}/backup"
|
|
|
|
# location of log directory (default), see --log-dir)
|
|
LOG_DIR="/var/log"
|
|
|
|
#******************************************************************************
|
|
# End of FILE
|
|
#******************************************************************************
|