Forge Home


Configure sudoers via Boxen

Les Aker



8,925 latest version

4.6 quality score

Version information

  • 0.3.7 (latest)
  • 0.3.6
  • 0.3.5
  • 0.3.4
  • 0.3.3
  • 0.3.2
  • 0.3.1
  • 0.3.0
  • 0.2.3
  • 0.2.2
  • 0.2.1
  • 0.2.0
  • 0.1.6
  • 0.1.5
  • 0.1.4
  • 0.1.3
  • 0.1.2
released Jul 18th 2017
This version is compatible with:
  • Darwin

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'halyard-sudoers', '0.3.7'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add halyard-sudoers
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install halyard-sudoers --version 0.3.7

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



halyard/sudoers — version 0.3.7 Jul 18th 2017


Puppet Forge Dependency Status Build Status

Puppet module for creating sudoers user specifications


The following puppet declaration:

sudoers::allowed_command{ "acme":
  command          => "/usr/sbin/service",
  user             => "acme",
  require_password => false,
  comment          => "Allows access to the service command for the acme user"

Creates the file:

# /etc/sudoers.d/acme
acme ALL=(root) NOPASSWD: /usr/sbin/service

As user 'acme' you can now run the service command without a password, eg:

$ sudo service rsyslog restart


The allowed_command type takes the following options (with defaults in brackets):

[*command*]               - the command you want to give access to, eg. '/usr/sbin/service'
[*filename*]              - the name of the file to be placed in /etc/sudoers.d/ ($title)
[*host*]                  - hosts which can run command (ALL)
[*run_as*]                - user to run the command as (root)
[*user*]                  - user to give access to
[*group*]                 - group to give access to
[*require_password*]      - require user to give password, setting to false sets 'NOPASSWD:' (true)
[*comment*]               - comment to add to the file
[*allowed_env_variables*] - allowed list of env variables ([])
[*require_exist*]         - Require the Group or User to exist. Setting this to false for example is needed if the user groups come from Active Directory. (true)