Version information
released Jun 21st 2020
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 3.8.0
- , , , , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'eyp-sudoers', '0.1.35'Learn more about managing modules with a PuppetfileDocumentation
eyp/sudoers — version 0.1.35 Jun 21st 2020
sudoers
Table of Contents
Overview
Manage sudoers
Module Description
This module needs /etc/sudoers.d support, which is true for:
- RedHat 6 and up
- Ubuntu 10.04 and up.
Setup
What sudoers affects
- Unless overwrite_sudoers is false, /etc/sudoers
- Creates / deletes files on /etc/sudoers.d
Setup Requirements
This module requires pluginsync enabled
Beginning with sudoers
basic example:
class { 'sudoers': }
sudoers::sudo { 'vagrant':
withoutpassword => true,
}
Usage
Add users with full sudo access:
sudos:
adminuser:
withoutpassword: true
cpiscina: {}
mlleidebrad: {}
mtelevisio: {}
Restrict sudo to a specific command:
sudos:
ppt-deploy:
command: /etc/init.d/nginx
ppt-deploy-service:
username: bbt-deploy
command: /usr/bin/service
sudoers::defaults:
sudoers::defaults { '!requiretty':
username => 'nrpe',
}
Reference
classes
sudoers
- overwrite_sudoers: (default: true)
- visiblepw: (default: false)
- requiretty: (default: false)
- manage_package: (default: true)
- package_ensure: (default: installed)
- sudoersd_recurse: (default: true)
- sudoersd_purge: (default: true)
defines
cmdalias
- cmdname (default: resource's name)
- order (default: 10)
- command
useralias
- useraliasname (default: resource's name)
- order (default: 10)
- users
sudo
- username (default: resource's name)
- order (default: 10)
- from (default: ALL)
- users (default: ALL)
- command (default: ALL)
- withoutpassword (default: false)
Limitations
Tested on:
- CentOS 6
- CentOS 7
- Ubuntu 14.04
Development
We are pushing to have acceptance testing in place, so any new feature should have some test to check both presence and absence of any feature
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Added some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
CHANGELOG
0.1.35
- added support for Debian 8, 9 and 10
0.1.34
- added sudo configtest on refresh
0.1.33
- added support for Ubuntu 20.04
- added mode options to configure global default options
- lecture / lecture_file
- badpass_message
- passwd_timeout
- passwd_tries
- insults
0.1.32
- modified sudoers::sudo:
- description option
- allow users variable to be an array
0.1.31
- improved regex for sudoers.d files
0.1.30
- bugfix: sudo files cannot contain dots:
sudo will read each file in /etc/sudoers.d, skipping file names that end in ‘~’ or contain a ‘.’ character to avoid causing problems with package manager or editor temporary/backup files. Files are parsed in sorted lexical order. That is, /etc/sudoers.d/01_first will be parsed before /etc/sudoers.d/10_second. Be aware that because the sorting is lexical, not numeric, /etc/sudoers.d/1_whoops would be loaded after /etc/sudoers.d/10_second. Using a consistent number of leading zeroes in the file names can be used to avoid such problems.
0.1.29
- added support for RHEL 8
0.1.28
- added support for SLES 12.4
0.1.27
- added support for SLES 12.3
0.1.26
- dropped deprecated dependencies
0.1.25
- improved dependencies
0.1.24
- added support for Ubuntu 18.04
0.1.23
- added ensure for sudoers::sudo
0.1.22
- added sudo_timeout (timestamp_timeout)
0.1.21
- added support for SLES11SP3
0.1.20
- bugfix
0.1.19
- added sudoers::defaults
Dependencies
- puppetlabs/stdlib (>= 1.0.0 < 9.9.9)