Multiple lines for a user in the sudoers technique
I use the sudoers technique, and when a user modifies /etc/sudoers on the server with visudo, Rudder adds a new line for this user and does not repair or delete the other line of this user.
For example, if I change the Debian-snmp line on the node and run the Rudder agent again, I have two lines:
Debian-snmp ALL=(ALL) NOPASSWD:/usr/bin/apt-get --simulate upgrade, /bin/grep, /bin/wget
Debian-snmp ALL=(ALL) NOPASSWD:/usr/bin/apt-get --simulate upgrade, /bin/grep, /usr/bin/mailq
If I read the description of the technique:
- This technique configures the sudo utility. It will ensure that the defined rights for given users and groups are correctly defined.
It does not really seem to be that :)
Sudoers version 3.0
Updated by François ARMAND about 5 years ago
- Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
- User visibility set to Operational - other Techniques | Technique editor | Rudder settings
- Priority changed from 0 to 75
Hum. The underlying implementation makes that hard, and we fear that the technique needs to be changed a lot to correct the underlying problem (use a template-based approach? Add a "that user must have exactly that right and no other line" option?)
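An audit for the symptom reported in this ticket, as an added example that is not part of the ticket or of Rudder's own code: it lists every rule line a managed user has in a sudoers file beyond the one intended. The `DESIRED` mapping, the function names and the choice of which reported line is the intended one are assumptions; the sample file is constructed from the two lines in the report.

```python
import re

# Constructed sample: the two Debian-snmp lines from the report plus filler.
SAMPLE_SUDOERS = """\
# constructed sample of /etc/sudoers
Defaults env_reset
root ALL=(ALL:ALL) ALL
Debian-snmp ALL=(ALL) NOPASSWD:/usr/bin/apt-get --simulate upgrade, /bin/grep, /bin/wget
Debian-snmp ALL=(ALL) NOPASSWD:/usr/bin/apt-get --simulate upgrade, /bin/grep, /usr/bin/mailq
"""

# Hypothetical desired state: exactly one rule per managed user.
# Assumption: the mailq line is the one the policy is meant to enforce.
DESIRED = {
    "Debian-snmp": "ALL=(ALL) NOPASSWD:/usr/bin/apt-get --simulate upgrade, "
                   "/bin/grep, /usr/bin/mailq",
}

# Lines that are not user specifications: Defaults, aliases, include directives.
SKIP = re.compile(r"^(Defaults|\w+_Alias\b|[#@]include)")


def user_specs(text):
    """Yield (who, rule) for each user specification line in sudoers text."""
    # sudoers allows backslash-continued lines, so join them first.
    for line in re.sub(r"\\\n[ \t]*", " ", text).splitlines():
        line = line.strip()
        is_comment = line.startswith("#") and not re.match(r"#\d", line)  # "#1000" is a uid
        parts = line.split(None, 1)
        if is_comment or SKIP.match(line) or len(parts) < 2:
            continue
        yield parts[0], " ".join(parts[1].split())  # collapse whitespace


def audit(text, desired):
    """Return {user: {"stale": [rules], "missing": bool}} for drifting users."""
    report = {}
    for user, want in desired.items():
        want = " ".join(want.split())
        found = [rule for who, rule in user_specs(text) if who == user]
        stale = [rule for rule in found if rule != want]
        if stale or want not in found:
            report[user] = {"stale": stale, "missing": want not in found}
    return report


if __name__ == "__main__":
    for user, result in audit(SAMPLE_SUDOERS, DESIRED).items():
        print(user, result)
```

The check reads one file only; it does not follow include directives or expand aliases, so files under an included directory need to be passed to `audit` separately.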