Forge Home


A very flexible and well-tested puppet module for sudo


38,574 latest version

1.9 quality score

Version information

  • 1.1.0 (latest)
  • 1.0.0
released Jul 8th 2014
This version is compatible with:
  • Puppet Enterprise 3.x
  • Puppet 3.x
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'justinclayton-sudo', '1.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add justinclayton-sudo
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install justinclayton-sudo --version 1.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Tags: sudo, sudoers


justinclayton/sudo — version 1.1.0 Jul 8th 2014

Build Status


This module allows you to easily manage sudo, no matter how complex or simple your configuration needs to be. It is fully backwards-compatible with those sudo::conf defined types. It has been tested for quality using puppet-lint, rspec-puppet, and rspec-system.


If you're using librarian-puppet, add a line to your Puppetfile:

mod 'justinclayton/sudo', '1.x'


###Level 1

include sudo

This will install sudo and add its own sudoers file, but don't worry; that sudoers file still matches your OS flavor's defaults.

sudo::conf { 'dudr':
  content => 'dudr ALL=(ALL) NOPASSWD: ALL',

This will create a file called /etc/sudoers.d/dudr with the supplied content. Note that if you use sudo::conf you do not need to explicitly include sudo elsewhere.

###Level 2

class { 'sudo':
  manage_sudoersd => false,

By default this module wants to manage the entire suoders.d directory, which includes removing any files not explicitly managed by this module. While this can be very good for keeping a handle on configs outside of puppet, there are cases (particularly during an initial transition to puppet) where you will want to allow for both. Disabling manage_sudoersd allows for this.

class { 'sudo':
  keep_os_defaults     => false,
  sudoers_file_content => template('mymodule/sudoers.erb'),

If you know what you're doing and want to build a sudoers file from scratch (including ignoring what the OS tries to do for you), the above code can make that happen for you.

###Level 3

class { 'sudo':
  keep_os_defaults => false,
  defaults_hash    => {
    requiretty     => false,
    visiblepw      => true,
  confs_hash       => {
    'dudr'         => {
      ensure       => present,
      content      => 'dudr ALL=(ALL) NOPASSWD: ALL',
    'fudr'         => {
      ensure       => present,
      content      => 'fudr ALL=(ALL): /bin/echo',

As an alternative to sprinkling sudo::conf resources all throughout your codebase, you may wish to consolidate all your data into a single manifest, or be even more fancy and pull it in from something like hiera. This module makes this a snap by allowing you to pass a hash of sudo::conf resources as a class parameter.