left4me: validate sudoers file with visudo before install
A malformed /etc/sudoers.d/left4me would lock sudo on the target (blast radius: every other bundle using sudo at apply time). bw's file: items support test_with, which runs the supplied command on the locally-rendered file before transfer. Use it to gate the sudoers file on visudo -cf — analogous to the visudo -cf check the original deploy script ran inline (deploy-test-server.sh:186).
This commit is contained in:
parent
80d2a79b97
commit
433c403ddc
SSH key fingerprint:
SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
1 changed files with 1 additions and 0 deletions
|
|
@ -84,6 +84,7 @@ files = {
|
||||||
'mode': '0440',
|
'mode': '0440',
|
||||||
'owner': 'root',
|
'owner': 'root',
|
||||||
'group': 'root',
|
'group': 'root',
|
||||||
|
'test_with': 'visudo -cf {}',
|
||||||
},
|
},
|
||||||
'/etc/sysctl.d/99-left4me.conf': {
|
'/etc/sysctl.d/99-left4me.conf': {
|
||||||
'source': 'etc/sysctl.d/99-left4me.conf',
|
'source': 'etc/sysctl.d/99-left4me.conf',
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue