How to edit templates

NethServer Version: 7.4
Module: samba

Hello. I’m new to NethServer but I know CentOS. What is the recommended way to edit templates? I prefer to use sudo instead of logging in as root over SSH.

I see one solution from here:

echo "%powerusers	ALL=(ALL)	ALL" > /etc/sudoers.d/90powerusers
chmod 440 /etc/sudoers.d/90powerusers

Is this the best way? I don’t see the reason for making a separate group if we already have the adm group.
I am also confused about why the sudoers template is located in /etc instead of under /etc/e-smith like all the rest.

The file suggested to add is not a template; it will be a real file outside of e-smith and so will not be overwritten by a template expansion.

There is only one e-smith controlled file in that directory:

ls -l /etc/e-smith/templates/etc/sudoers.d/
total 0
drwxr-xr-x 2 root root 20 Jul 24 21:03 30_nethserver_cockpit_roles

Cheers.


In /etc/sudoers.d/ I have several files:

10_nethserver
20_nethserver_backup_config
20_nethserver_base
20_nethserver_directory
20_nethserver_httpd_admin
20_nethserver_sssd
90_nethserver_nextcloud

and the first one begins with the usual warning like this so it looks like part of the template system:

# ================= DO NOT MODIFY THIS FILE =================
# 
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
# 

Also, inside /etc/e-smith/templates/etc/sudoers/ I have some different files:

00adm_commands
20diagtools
20shorewall
30nethserver_adm

Follow-up question: How do I restart a particular service such as samba so it rewrites the smb.conf from my new templates?

To write config files and restart relevant services:

signal-event nethserver-samba-update

Just write the config file:

expand-template /etc/...

http://docs.nethserver.org/projects/nethserver-devel/en/latest/templates.html#the-expansion-of-templates


@mrmarkuz thanks, that works. For now I am logged in as root, but I am still trying to understand how sudoers works here. I thought all templates are contained within /etc/e-smith/ but like I wrote above, I have sudoers template fragments in both places.

I think that /etc/sudoers.d/10_nethserver was copied or was a template some time ago because it’s definitely not a template anymore.

It’s a little bit confusing because the sudoers config files have the same naming style as template fragments.

In your case it’s fully OK to put the config file in /etc/sudoers.d/.

@mrmarkuz
I’m now not so sure about /etc/sudoers.d/10_nethserver being outside of e-smith, because of this:

cat /etc/e-smith/templates.metadata/etc/sudoers
PERMS=0440
OUTPUT_FILENAME="/etc/sudoers.d/10_nethserver"

I think this one is a little more subtle in the way it’s built. Building /etc/sudoers doesn’t create a file of the same name, like most other templates.

Cheers.


I think some time ago only /etc/sudoers was used. Then it changed and one may put the files in /etc/sudoers.d. To migrate the old sudoers file, it was moved to /etc/sudoers.d/10_nethserver via template.metadata.

It turns out I didn’t need to change sudoers at all. I just had to create a user on the command line and add them to the wheel group. Apparently the web GUI keeps a separate list of users and passwords, so you have to add users in both places. I didn’t find this anywhere in the documentation. If anyone else is stuck on this, the commands are like this:

# useradd elliott
# usermod -a -G wheel elliott

The magic of esmith templates is also in templates.metadata:

[root@ns7loc12 ~]# cat /etc/e-smith/templates.metadata/etc/sudoers
PERMS=0440
OUTPUT_FILENAME="/etc/sudoers.d/10_nethserver"

With it you can define who is the owner of the file, the permission, and where to expand the file.

As I am the only one editing the templates, I personally use root, but the best security strategy could be to disable root and use only a fully sudo-delegated user (like Ubuntu does).

https://wiki.nethserver.org/doku.php?id=esmith:template

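Added example, not part of the original thread and not NethServer's own code: a shell check for the question raised above, whether a file such as /etc/sudoers.d/10_nethserver is written by an e-smith template or is safe to edit by hand. It reads only the PERMS and OUTPUT_FILENAME keys quoted in the thread and assumes a template without OUTPUT_FILENAME expands to its own path; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: which e-smith template, if any, writes a given file?
# Only the PERMS and OUTPUT_FILENAME keys shown in the thread are read.

# meta_value FILE KEY: print KEY's value with surrounding double quotes removed.
meta_value() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | head -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# managed_by OUTPUT_PATH [ESMITH_ROOT]
# Prints "<template> PERMS=<mode>" for each template expanding to OUTPUT_PATH
# (empty mode = no PERMS key found), or "unmanaged" when no template writes it.
managed_by() {
    target=$1
    root=${2:-/etc/e-smith}
    meta_root=$root/templates.metadata
    # Case 1: a metadata file redirects its template to OUTPUT_PATH.
    hits=$(find "$meta_root" -type f 2>/dev/null | sort | while IFS= read -r meta; do
        [ "$(meta_value "$meta" OUTPUT_FILENAME)" = "$target" ] || continue
        printf '%s PERMS=%s\n' "${meta#"$meta_root"}" "$(meta_value "$meta" PERMS)"
    done)
    # Case 2: a template of the same path whose output is not redirected.
    if [ -z "$hits" ] && [ -e "$root/templates$target" ] &&
       [ -z "$(meta_value "$meta_root$target" OUTPUT_FILENAME)" ]; then
        hits="$target PERMS=$(meta_value "$meta_root$target" PERMS)"
    fi
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; else echo unmanaged; fi
}

# Constructed sample tree mirroring the layout quoted in the thread.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/templates/etc/sudoers" "$t/templates/etc/samba/smb.conf" \
             "$t/templates.metadata/etc"
    : > "$t/templates/etc/sudoers/30nethserver_adm"
    printf 'PERMS=0440\nOUTPUT_FILENAME="/etc/sudoers.d/10_nethserver"\n' \
        > "$t/templates.metadata/etc/sudoers"
    echo "$t"
}

sample=$(make_sample_tree)
for f in /etc/sudoers.d/10_nethserver /etc/sudoers.d/90powerusers \
         /etc/sudoers /etc/samba/smb.conf; do
    printf '%-32s %s\n' "$f" "$(managed_by "$f" "$sample")"
done
rm -rf "$sample"
```

On a real system, call managed_by with only the file path so it reads /etc/e-smith; a file reported as unmanaged, like the hand-made 90powerusers drop-in, is not regenerated by template expansion.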

Note: This method does not work if your users are logging in with AD credentials.
