Explicitly prevent `sudo` access for user module

To deny a user elevated access, you can omit the `sudo` key from the `users` dictionary. This works fine however it's implicitly defined based on defaults of `cloud-init`. If the project moves to have `sudo` access allowed for all by default (quite unlikely but still possible) this will catch a few people out. This introduces the ability to define an explicit `sudo: False` in the `users` dictionary and it will prevent `sudo` access. The behaviour is identical to omitting the key. LP: #1771468
author: Jacob Bednarz <jacob.bednarz@gmail.com> 2018-06-19 16:04:17 -0600
committer: Chad Smith <chad.smith@canonical.com> 2018-06-19 16:04:17 -0600
commit: 4d69fb44a5607e16843537be26758893f2dd79be (patch)
tree: b30aba78a37957245a4ac1d368efb1181096933d /cloudinit/distros/__init__.py
parent: 4ce6720104ec92d8d7c5aa993bf7ec405a2f53db (diff)
download: vyos-cloud-init-4d69fb44a5607e16843537be26758893f2dd79be.tar.gz
vyos-cloud-init-4d69fb44a5607e16843537be26758893f2dd79be.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py
index 6c22b07f..ab0b0776 100755
--- a/cloudinit/distros/__init__.py
+++ b/cloudinit/distros/__init__.py
@@ -531,7 +531,7 @@ class Distro(object):
             self.lock_passwd(name)
 
         # Configure sudo access
-        if 'sudo' in kwargs:
+        if 'sudo' in kwargs and kwargs['sudo'] is not False:
             self.write_sudo_rules(name, kwargs['sudo'])
 
         # Import SSH keys
author	Jacob Bednarz <jacob.bednarz@gmail.com>	2018-06-19 16:04:17 -0600
committer	Chad Smith <chad.smith@canonical.com>	2018-06-19 16:04:17 -0600
commit	4d69fb44a5607e16843537be26758893f2dd79be (patch)
tree	b30aba78a37957245a4ac1d368efb1181096933d /cloudinit/distros/__init__.py
parent	4ce6720104ec92d8d7c5aa993bf7ec405a2f53db (diff)
download	vyos-cloud-init-4d69fb44a5607e16843537be26758893f2dd79be.tar.gz vyos-cloud-init-4d69fb44a5607e16843537be26758893f2dd79be.zip