Forge Home

Modules

Puppet

Resources

PuppetEcosystemPuppet CommunityUpdates

sudoers

A simple template to semantically manage allowed commands in sudoers.d
Project URLRSS FeedReport issues

42,623 downloads

25,324 latest version

4.1 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.1.3 (latest)
  • 0.1.2
  • 0.1.1
  • 0.0.1
released Feb 6th 2017

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'phinze-sudoers', '0.1.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add phinze-sudoers
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install phinze-sudoers --version 0.1.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: sudo, sudoers

Documentation

phinze/sudoers — version 0.1.3 Feb 6th 2017

sudoers::allowed_command

Puppet module for creating sudoers user specifications

Build Status

Install

Using the Puppet Module Tool:

$ puppet module install phinze/sudoers

As a git submodule:

$ git submodule add git@github.com:phinze/puppet-sudoers.git modules/sudoers

Usage

The following puppet declaration:

sudoers::allowed_command{ "acme":
  command          => "/usr/sbin/service",
  user             => "acme",
  require_password => false,
  comment          => "Allows access to the service command for the acme user"
}

Creates the file:

# /etc/sudoers.d/acme
acme ALL=(root) NOPASSWD: /usr/sbin/service

As user 'acme' you can now run the service command without a password, eg:

$ sudo service rsyslog restart

Parameters

The allowed_command type takes the following options (with defaults in brackets):

[*command*]               - the command you want to give access to, eg. '/usr/sbin/service'
[*filename*]              - the name of the file to be placed in /etc/sudoers.d/ ($title)
[*host*]                  - hosts which can run command (ALL)
[*run_as*]                - user to run the command as (root)
[*user*]                  - user to give access to
[*group*]                 - group to give access to
[*require_password*]      - require user to give password, setting to false sets 'NOPASSWD:' (true)
[*comment*]               - comment to add to the file
[*allowed_env_variables*] - allowed list of env variables ([])
[*require_exist*]         - Require the Group or User to exist. Setting this to false for example is needed if the user groups come from Active Directory. (true)
[*no_tty*]                - remove default tty requirement (false)