Puppet Class: sudo

Defined in:
manifests/init.pp

Overview

This class handles the deployment of the sudoers(5) file and the installation of sudo(8) if necessary.

Examples:

include sudo

Parameters:

  • visudo_cmd (String)

    The full path to the visudo(8) command used to validate content

  • sudoers_file (String)

    The full path to the sudoers(5) file

  • sudoers_tmp (String)

    The full path to a temporary sudoers file

  • package_name (String)

    The name of the package containing the sudo(8) binary

  • requiretty (Boolean) (defaults to: false)

    Boolean value for sudoers(5) option ‘requiretty’

  • visiblepw (Boolean) (defaults to: false)

    Boolean value for sudoers(5) option ‘visiblepw’

  • always_set_home (Boolean) (defaults to: true)

    Boolean value for sudoers(5) option ‘always_set_home’

  • template (String) (defaults to: 'sudo/sudoers.erb')

    String value naming the template to deploy for sudoers

  • cmd (String)


# File 'manifests/init.pp', line 16

class sudo (
  String $cmd,
  String $visudo_cmd,
  String $sudoers_file,
  String $sudoers_tmp,
  String $package_name,
  Boolean $requiretty      = false,
  Boolean $visiblepw       = false,
  Boolean $always_set_home = true,
  String $template         = 'sudo/sudoers.erb',
){

  package { $package_name:
    ensure => installed,
    before => Exec['check-sudoers'],
  }

  concat::fragment { 'sudoers-header':
    order   => '00',
    target  => $sudoers_tmp,
    content => template($template),
  }

  concat { $sudoers_tmp:
    mode   => '0440',
    notify => Exec['check-sudoers'],
  }

  exec { 'check-sudoers':
    command => "${visudo_cmd} -cf ${sudoers_tmp} && cp ${sudoers_tmp} ${sudoers_file}",
    unless  => "/usr/bin/diff ${sudoers_tmp} ${sudoers_file}",
  }

  file { $sudoers_file:
    owner => 'root',
    group => '0',
    mode  => '0440',
  }
}
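
The `check-sudoers` exec above only copies the staged file over the live one when `visudo -cf` accepts it. The following is an added example, not the module's own code, showing the same validate-before-install gate as a shell function that also replaces the target by rename, so sudo never reads a half-written file. The function name `install_sudoers` and the optional validator override are assumptions made for illustration.

```shell
#!/bin/sh
# install_sudoers CANDIDATE TARGET [VALIDATOR [ARGS...]]
#
# Hypothetical helper (not part of the sudo module). It mirrors the
# check-sudoers exec: validate the staged file, then install it.
#   exit 0  target already identical, or candidate installed
#   exit 1  validator rejected the candidate; target left untouched
#   exit 2  install step failed; target left untouched
install_sudoers() (
  candidate=$1
  target=$2
  shift 2
  # Default validator is the one the module runs: visudo -cf <file>.
  # The override exists so the gate can be exercised without visudo.
  [ "$#" -gt 0 ] || set -- visudo -cf

  # Same idea as the exec's `unless`: nothing to do if the files match.
  if [ -f "$target" ] && cmp -s "$candidate" "$target"; then
    exit 0
  fi

  # Gate: a candidate that fails the syntax check never reaches the
  # live path, so a bad template cannot break sudo on the host.
  "$@" "$candidate" >/dev/null 2>&1 || exit 1

  # Write next to the target and rename into place. Unlike a plain cp,
  # rename(2) within one directory is atomic, so a concurrent reader
  # sees either the old file or the new one in full.
  tmp=$(mktemp "${target}.XXXXXX") || exit 2
  if cat "$candidate" > "$tmp" &&
     chmod 0440 "$tmp" &&
     mv -f "$tmp" "$target"; then
    exit 0
  fi
  rm -f "$tmp"
  exit 2
)

# Usage with the defaults (run as root so the result is root-owned):
#   install_sudoers /etc/sudoers.tmp /etc/sudoers
```

The paths in the usage comment are sample values; the module takes them from `$sudoers_tmp` and `$sudoers_file`.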