Version information
released Jun 21st 2020
This version is compatible with:
- Puppet Enterprise 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 3.8.0
- , , , , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'eyp-sudoers', '0.1.35'
Learn more about managing modules with a PuppetfileDocumentation
eyp/sudoers — version 0.1.35 Jun 21st 2020
sudoers
Table of Contents
Overview
Manage sudoers
Module Description
This module needs /etc/sudoers.d support, which is true for:
- RedHat 6 and up
- Ubuntu 10.04 and up.
Setup
What sudoers affects
- Unless overwrite_sudoers is false, /etc/sudoers
- Creates / deletes files on /etc/sudoers.d
Setup Requirements
This module requires pluginsync enabled
Beginning with sudoers
basic example:
class { 'sudoers': }
sudoers::sudo { 'vagrant':
withoutpassword => true,
}
Usage
Add users with full sudo access:
sudos:
adminuser:
withoutpassword: true
cpiscina: {}
mlleidebrad: {}
mtelevisio: {}
Restrict sudo to a specific command:
sudos:
ppt-deploy:
command: /etc/init.d/nginx
ppt-deploy-service:
username: bbt-deploy
command: /usr/bin/service
sudoers::defaults:
sudoers::defaults { '!requiretty':
username => 'nrpe',
}
Reference
classes
sudoers
- overwrite_sudoers: (default: true)
- visiblepw: (default: false)
- requiretty: (default: false)
- manage_package: (default: true)
- package_ensure: (default: installed)
- sudoersd_recurse: (default: true)
- sudoersd_purge: (default: true)
defines
cmdalias
- cmdname (default: resource's name)
- order (default: 10)
- command
useralias
- useraliasname (default: resource's name)
- order (default: 10)
- users
sudo
- username (default: resource's name)
- order (default: 10)
- from (default: ALL)
- users (default: ALL)
- command (default: ALL)
- withoutpassword (default: false)
Limitations
Tested on:
- CentOS 6
- CentOS 7
- Ubuntu 14.04
Development
We are pushing to have acceptance testing in place, so any new feature should have some test to check both presence and absence of any feature
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Added some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request
CHANGELOG
0.1.35
- added support for Debian 8, 9 and 10
0.1.34
- added sudo configtest on refresh
0.1.33
- added support for Ubuntu 20.04
- added mode options to configure global default options
- lecture / lecture_file
- badpass_message
- passwd_timeout
- passwd_tries
- insults
0.1.32
- modified sudoers::sudo:
- description option
- allow users variable to be an array
0.1.31
- improved regex for sudoers.d files
0.1.30
- bugfix: sudo files cannot contain dots:
sudo will read each file in /etc/sudoers.d, skipping file names that end in ‘~’ or contain a ‘.’ character to avoid causing problems with package manager or editor temporary/backup files. Files are parsed in sorted lexical order. That is, /etc/sudoers.d/01_first will be parsed before /etc/sudoers.d/10_second. Be aware that because the sorting is lexical, not numeric, /etc/sudoers.d/1_whoops would be loaded after /etc/sudoers.d/10_second. Using a consistent number of leading zeroes in the file names can be used to avoid such problems.
0.1.29
- added support for RHEL 8
0.1.28
- added support for SLES 12.4
0.1.27
- added support for SLES 12.3
0.1.26
- dropped deprecated dependencies
0.1.25
- improved dependencies
0.1.24
- added support for Ubuntu 18.04
0.1.23
- added ensure for sudoers::sudo
0.1.22
- added sudo_timeout (timestamp_timeout)
0.1.21
- added support for SLES11SP3
0.1.20
- bugfix
0.1.19
- added sudoers::defaults
Dependencies
- puppetlabs/stdlib (>= 1.0.0 < 9.9.9)