juju deploy sudo-pair
Discuss this charm
Share your thoughts on this charm with the community on discourse.
sudo_pair is a sudo plugin that ensure that no user can act entirely on their own authority within these systems. Once configured if a user tries to get root privileges, he will need an authorization from a pair that will monitor over his session.
cd sudo-pair charm build
Add to an existing application using juju-info relation.
juju deploy ubuntu juju deploy ./sudo-pair juju add-unit ubuntu juju add-relation ubuntu sudo-pair
The user can configure the following parameters:
root): This is a comma-separated list of group names that sudo_pair will gate access to. If a user is sudoing to a user that is a member of one of these groups, they will be required to have a pair approve their session.
none): This is a comma-separated list of group names whose users will be exempted from the requirements of sudo_pair. Note that this is not the opposite of the groups_enforced flag. Whereas groups_enforced gates access to groups, groups_exempted exempts users sudoing from groups. For instance, this setting can be used to ensure that oncall sysadmins can respond to outages without needing to find a pair.
none): This is a comma-separated list of full path commands that have to be bypassed from sudo pairing
none): This is the unix group for which the commands specified through bypass_cmds will be bypassed from sudo pairing approval
true): If true, auto approval is permitted.
Unit tests has been developed to test templates rendering for
To run unit tests:
tox -e unit
Deploy tests has been developed using python-libjuju
To run tests using python-libjuju:
tox -e functional
BootStack Charmers firstname.lastname@example.org