From af84d86ac814a0800268c83b08a42877e0fb8995 Mon Sep 17 00:00:00 2001
From: Theo Chatzimichos <tampakrap@gmail.com>
Date: Mar 31 2017 19:55:14 +0000
Subject: /etc/sudoers: remove 'ALL ALL=(ALL) ALL' and 'Defaults targetpw'


this way we can have users added to the wheel group, that can give
themselves root access via 'sudo -i' and using their own user password
instead of using the root password

---

diff --git a/pillar/common.sls b/pillar/common.sls
index c08a275..0657007 100644
--- a/pillar/common.sls
+++ b/pillar/common.sls
@@ -118,10 +118,7 @@ sudoers:
       - env_reset
       - env_keep="LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
       - '!insults'
-      - targetpw
   users:
-    ALL:
-      - 'ALL=(ALL) ALL'
     root:
       - 'ALL=(ALL) ALL'
   includedir: /etc/sudoers.d