Forge Home

sudoers

Configure sudoers via Boxen

18,035 downloads

9,468 latest version

4.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.3.7 (latest)
  • 0.3.6
  • 0.3.5
  • 0.3.4
  • 0.3.3
  • 0.3.2
  • 0.3.1
  • 0.3.0
  • 0.2.3
  • 0.2.2
  • 0.2.1
  • 0.2.0
  • 0.1.6
  • 0.1.5
  • 0.1.4
  • 0.1.3
  • 0.1.2
released Jul 18th 2017
This version is compatible with:
  • Darwin

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'halyard-sudoers', '0.3.7'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add halyard-sudoers
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install halyard-sudoers --version 0.3.7

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

halyard/sudoers — version 0.3.7 Jul 18th 2017

puppet-sudoers

Puppet Forge Dependency Status Build Status

Puppet module for creating sudoers user specifications

Usage

The following puppet declaration:

sudoers::allowed_command{ "acme":
  command          => "/usr/sbin/service",
  user             => "acme",
  require_password => false,
  comment          => "Allows access to the service command for the acme user"
}

Creates the file:

# /etc/sudoers.d/acme
acme ALL=(root) NOPASSWD: /usr/sbin/service

As user 'acme' you can now run the service command without a password, eg:

$ sudo service rsyslog restart

Parameters

The allowed_command type takes the following options (with defaults in brackets):

[*command*]               - the command you want to give access to, eg. '/usr/sbin/service'
[*filename*]              - the name of the file to be placed in /etc/sudoers.d/ ($title)
[*host*]                  - hosts which can run command (ALL)
[*run_as*]                - user to run the command as (root)
[*user*]                  - user to give access to
[*group*]                 - group to give access to
[*require_password*]      - require user to give password, setting to false sets 'NOPASSWD:' (true)
[*comment*]               - comment to add to the file
[*allowed_env_variables*] - allowed list of env variables ([])
[*require_exist*]         - Require the Group or User to exist. Setting this to false for example is needed if the user groups come from Active Directory. (true)