Open myii opened 3 years ago
CC: @kmosher @jynolen @daks.

#70 was merged quickly due to a regression but it appears that the directory mode should have been set to `755`: https://github.com/saltstack-formulas/sudoers-formula/blob/9c7ef4068cc9a27bf318fdf6bf4103a5a65d2d3e/sudoers/included.sls#L16

@daks mentioned an InSpec test that could also be added: https://github.com/saltstack-formulas/sudoers-formula/pull/70#issuecomment-734289741

> Not sure why I set it to `440` but in fact on Debian 9 or 10 it's 755 so no problem for me to merge this PR as soon as possible.
>
> One improvement could be to add a basic test on this directory mode, here https://github.com/saltstack-formulas/sudoers-formula/blob/master/test/integration/default/controls/config.rb, with something like
>
> ```ruby
> describe directory('/etc/sudoers.d/') do
>   it { should be_owned_by 'root' }
>   it { should be_grouped_into 'root' }
>   its('mode') { should cmp '0755' }
> end
> ```
>
> A better one (but I'm not sure I know how to run it) would be to set some `NOPASSWD` sudo rules and try to use it.