Puppet Class: sudo

Defined in:
manifests/init.pp

Overview

Class: sudo

Allow restricted root access for specified users. The sudo class is specifically created to be used from an ENC.

Parameters

sudoers

Hash of sudoers which will be created via sudo::sudoers.

manage_sudoersd

Boolean - should puppet clean /etc/sudoers.d/ of untracked files?

sudoers_file

File that should be installed as /etc/sudoers. The class only manages /etc/sudoers when this value is a puppet:// URL.

Examples

$sudoers = {
  'worlddomination' => {
    ensure  => 'present',
    comment => 'World domination.',
    users   => ['pinky', 'brain'],
    runas   => ['root'],
    cmnds   => ['/bin/bash'],
    tags    => ['NOPASSWD'],
  }
}

class { 'sudo': sudoers => $sudoers }

Authors

Arnoud de Jonge <arnoud@de-jonge.org>

Copyright 2015 Arnoud de Jonge

Parameters:

  • sudoers (Any) (defaults to: {})
  • manage_sudoersd (Any) (defaults to: false)
  • sudoers_file (Any) (defaults to: '')


# File 'manifests/init.pp', line 40

class sudo (
  $sudoers         = {},
  $manage_sudoersd = false,
  $sudoers_file    = ''
) {

  create_resources('sudo::sudoers', $sudoers)

  package { 'sudo':
    ensure  => latest
  }

  file { '/etc/sudoers.d/':
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    mode    => '0750',
    purge   => $manage_sudoersd,
    recurse => $manage_sudoersd,
    force   => $manage_sudoersd,
  }

  if $sudoers_file =~ /^puppet:\/\// {
    file { '/etc/sudoers':
      ensure => file,
      owner  => 'root',
      group  => 'root',
      mode   => '0440',
      source => $sudoers_file,
    }
  }

}
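
A more tightly scoped declaration than the `worlddomination` example in the class documentation, given here as an added example that is not part of the module or its documentation. The entry name `restart_nginx`, the user `alice` and the command are constructed values; only the `sudo::sudoers` keys that appear on this page are used.

```puppet
# Added example, not from the module: a least-privilege sudoers entry.
# 'restart_nginx', 'alice' and the command line are constructed values.
$sudoers = {
  'restart_nginx' => {
    ensure  => 'present',
    comment => 'Restart the web server only.',
    users   => ['alice'],
    runas   => ['root'],
    # One fixed command with fixed arguments. Granting a shell such as
    # /bin/bash as root is equivalent to granting unrestricted root.
    cmnds   => ['/usr/bin/systemctl restart nginx.service'],
    # PASSWD is the sudoers tag that requires authentication, the
    # opposite of the NOPASSWD tag used in the documentation example.
    tags    => ['PASSWD'],
  },
}

class { 'sudo':
  sudoers         => $sudoers,
  # Sets purge, recurse and force on /etc/sudoers.d/, so any file there
  # that is not declared through Puppet is removed on the next run.
  # That includes entries dropped from the hash above and drop-ins
  # written by hand or by other tools.
  manage_sudoersd => true,
}
```

With `manage_sudoersd` left at its default of `false`, files placed in /etc/sudoers.d/ outside Puppet stay in effect, so review that directory before relying on the hash as the complete set of grants.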