check one file for syntax and rm params fixes #223 #302
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I don't understand what makes you think that If |
Before that all sudoers files were checked for syntax and when an application would have created a suders file with a permission/syntax error the file managed by puppet would be deleted. But the file managed by puppet would not have a syntax error. This could also occur if an application creates a file with permission 0400 instead of 0440 which is demanded by visudo. Removed delete_on_error: Now puppet will not create the file if it has a syntax error by default. Before that, syntax / permission errors in other files would also lead to deletion or error which makes no sense. Removed validate_single: Previously all files were always validated no matter which value validate_single had. This makes no sense, so remove parameter. Removed conf parameter sudo_syntax_path as the exec that used it was removed. Validation is now only via validate_cmd of the puppet file resource.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Before that all sudoers files were checked for
syntax and when an application would have
created a suders file with a permission/syntax
error the file managed by puppet would be deleted. But the file managed by puppet would not have a
syntax error.
This could also occur if an application creates
a file with permission 0400 instead of 0440 which
is demanded by visudo.
Removed delete_on_error: Now puppet will not
create the file if it has a syntax error by
default. Before that, syntax / permission
errors in other files would also lead to
deletion or error which makes no sense.
Removed validate_single: Previously all
files were always validated no matter which
value validate_single had. This makes no
sense, so remove parameter.
Removed conf parameter sudo_syntax_path as
the exec that used it was removed. Validation
is now only via validate_cmd of the puppet
file resource.