CC: @kmosher @jynolen @daks.
#70 was merged quickly due to a regression but it appears that the directory mode should have been set to 755:
@daks Mentioned an InSpec test that could also be added:
#70 (comment)
Not sure why I set it to 440 but in fact on Debian 9 or 10 it's 755 so no problem for me to merge this PR as soon as possible.
One improvement could be to add a basic test on this directory mode, here https://github.com/saltstack-formulas/sudoers-formula/blob/master/test/integration/default/controls/config.rb, with something like
describe directory('/etc/sudoers.d/') do
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its('mode') { should cmp '0755' }
end
A better one (but I'm not sure I know how to run it) would be to set some NOPASSWD sudo rules and try to use it.
CC: @kmosher @jynolen @daks.
#70 was merged quickly due to a regression but it appears that the directory mode should have been set to
755:sudoers-formula/sudoers/included.sls
Line 16 in 9c7ef40
@daks Mentioned an InSpec test that could also be added:
#70 (comment)