sudo

A very flexible and well-tested puppet module for sudo
Justin Clayton


Version information

  • 1.1.0 (latest)
  • 1.0.0
released Jul 3rd 2019
This version is compatible with:
  • Puppet Enterprise 3.x
  • Puppet 3.x
  • RedHat, CentOS, Ubuntu


Tags: sudo, sudoers

Documentation

justinclayton/sudo — version 1.1.0 Jul 3rd 2019


##Description

This module allows you to easily manage sudo, no matter how complex or simple your configuration needs to be. It is fully backwards-compatible with those sudo::conf defined types. It has been tested for quality using puppet-lint, rspec-puppet, and rspec-system.

##Installation

If you're using librarian-puppet, add a line to your Puppetfile:

```ruby
mod 'justinclayton/sudo', '1.x'
```

##Usage

###Level 1

```puppet
include sudo
```

This will install sudo and add its own sudoers file, but don't worry; that sudoers file still matches your OS flavor's defaults.

```puppet
sudo::conf { 'dudr':
  content => 'dudr ALL=(ALL) NOPASSWD: ALL',
}
```

This will create a file called /etc/sudoers.d/dudr with the supplied content. Note that if you use sudo::conf you do not need to explicitly include sudo elsewhere.

###Level 2

```puppet
class { 'sudo':
  manage_sudoersd => false,
}
```

By default this module wants to manage the entire sudoers.d directory, which includes removing any files not explicitly managed by this module. While this can be very good for keeping a handle on configs outside of puppet, there are cases (particularly during an initial transition to puppet) where you will want to allow for both. Disabling manage_sudoersd allows for this.
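
A pre-flight check for the transition case described above, as an added example that is not part of the module: it reports which files in a sudoers.d-style directory fall outside a given set of Puppet-managed names, and which rules grant `NOPASSWD: ALL`. The function name, the `managed_names` argument and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# A rule that grants every command without a password prompt,
# e.g. "dudr ALL=(ALL) NOPASSWD: ALL". Aliases such as ALLOWED_CMDS do not match.
NOPASSWD_ALL = re.compile(r"\bNOPASSWD:\s*ALL\b")
# In sudoers, "#" starts a comment unless a digit follows ("#1000" is a uid).
COMMENT = re.compile(r"#(?!\d)")


def audit_sudoers_d(directory, managed_names):
    """Return (unmanaged, nopasswd_all) for a sudoers.d-style directory.

    unmanaged:    file names not in managed_names, i.e. the files that would
                  be removed once the whole directory is managed
    nopasswd_all: (file name, rule) pairs that grant NOPASSWD: ALL
    """
    unmanaged, nopasswd_all = [], []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        if path.name not in managed_names:
            unmanaged.append(path.name)
        for line in path.read_text().splitlines():
            rule = line.strip()
            if rule and not COMMENT.match(rule) and NOPASSWD_ALL.search(rule):
                nopasswd_all.append((path.name, rule))
    return unmanaged, nopasswd_all


def demo():
    # Constructed sample directory standing in for /etc/sudoers.d
    with tempfile.TemporaryDirectory() as d:
        Path(d, "dudr").write_text("dudr ALL=(ALL) NOPASSWD: ALL\n")
        Path(d, "fudr").write_text("fudr ALL=(ALL) /bin/echo\n")
        Path(d, "90-legacy-admins").write_text(
            "# hand-edited before Puppet\n%wheel ALL=(ALL) NOPASSWD: ALL\n"
        )
        # managed_names: the sudo::conf titles declared in Puppet (assumed)
        return audit_sudoers_d(d, managed_names={"dudr", "fudr"})


if __name__ == "__main__":
    unmanaged, risky = demo()
    print("not managed by Puppet:", unmanaged)
    for name, rule in risky:
        print(f"NOPASSWD: ALL in {name}: {rule}")
```

Run it against the real directory on a node before leaving `manage_sudoersd` at its default, so each unmanaged file is either converted to a `sudo::conf` resource or knowingly dropped.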

```puppet
class { 'sudo':
  keep_os_defaults     => false,
  sudoers_file_content => template('mymodule/sudoers.erb'),
}
```

If you know what you're doing and want to build a sudoers file from scratch (including ignoring what the OS tries to do for you), the above code can make that happen for you.

###Level 3

```puppet
class { 'sudo':
  keep_os_defaults => false,
  defaults_hash    => {
    requiretty     => false,
    visiblepw      => true,
  },
  confs_hash       => {
    'dudr'         => {
      ensure       => present,
      content      => 'dudr ALL=(ALL) NOPASSWD: ALL',
    },
    'fudr'         => {
      ensure       => present,
      # No colon after the runas list: a colon belongs only to a tag such as NOPASSWD:
      content      => 'fudr ALL=(ALL) /bin/echo',
    },
  },
}
```

As an alternative to sprinkling sudo::conf resources all throughout your codebase, you may wish to consolidate all your data into a single manifest, or be even more fancy and pull it in from something like hiera. This module makes this a snap by allowing you to pass a hash of sudo::conf resources as a class parameter.