
sudo

Manage sudo

SIMP

simp

released Jul 7th 2021
This version is compatible with:
  • Puppet Enterprise 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.22.1 < 8.0.0
  • CentOS, RedHat, OracleLinux

Start using this module

Add this module to your Puppetfile:

mod 'simp-sudo', '5.4.0'

Add this module to your Bolt project:

bolt module add simp-sudo

Manually install this module globally with Puppet module tool:

puppet module install simp-sudo --version 5.4.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Tags: sudo, simp

Documentation

simp/sudo — version 5.4.0 Jul 7th 2021


sudo

Table of Contents

  1. Module Description - What the module does and why it is useful
  2. Setup - The basics of getting started with sudo
  3. Usage - Configuration options and additional functionality
  4. Reference
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module
  7. Acceptance Tests

Module Description

Constructs a sudoers file based on configuration aliases, defaults, and user specifications.

Setup

What sudo affects

sudo will ensure the sudo package is installed, and will manage /etc/sudoers.

Setup Requirements

The only step necessary to begin using sudo is to install pupmod-simp-sudo into your modulepath.

Beginning with sudo

To create the default SIMP /etc/sudoers file:

include 'sudo'

Usage

Add a user to sudoers

Giving a user root permissions

# NOTE: '%' in sudo signifies a group
# %powerusers is the powerusers group

sudo::user_specification { 'power_users':
  user_list => [ 'persona', 'personb', '%powerusers' ],
  runas     => 'root',
  cmnd      => [ '/bin/su root', '/bin/su - root' ]
}

Giving a system user access to a command without root

sudo::user_specification { 'myapp':
  user_list => [ 'myappuser' ],
  runas     => 'root',
  cmnd      => [ '/usr/bin/someservice' ],
  passwd    => false,
}

Create a sudo default entry

To create a defaults line in sudoers:


# Creates Defaults   requiretty, syslog=authpriv, !root_sudo, !umask, env_reset

sudo::default_entry { '00_main':
  content => [ 'requiretty',
               'syslog=authpriv',
               '!root_sudo',
               '!umask',
               'env_reset',
             ],
}

Create an alias

To create the following alias in sudoers: User_Alias FULLTIMERS = millert, mikef, dowdy

sudo::alias { 'FULLTIMERS':
  content    => [ 'millert','mikef','dowdy' ],
  alias_type => 'user'
}

Additionally, aliases may be declared through the dedicated defined types for user, cmnd, host, or runas for easier readability:

sudo::alias::user { 'FULLTIMERS':
  content => [ 'millert','mikef','dowdy' ],
}
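
The alias and user specification types above can be combined so that a grant names aliases instead of individual users and commands. The manifest below is an added example, not part of the module's own documentation: the class name, user names, group, and command paths are constructed, and it assumes that alias names passed in user_list and cmnd are written to sudoers as given.

```puppet
# Hypothetical profile class; every name and path in it is constructed
# for illustration.
class profile::sudo_webops {
  include 'sudo'

  # User_Alias WEBOPS = alice, bob, %webops
  sudo::alias::user { 'WEBOPS':
    content => [ 'alice', 'bob', '%webops' ],
  }

  # Cmnd_Alias WEB_SVC = the two command lines listed below.
  # Each entry is a full path plus its arguments, so the grant covers only
  # these invocations rather than a root shell such as '/bin/su root'.
  sudo::alias::cmnd { 'WEB_SVC':
    content => [
      '/usr/bin/systemctl restart httpd',
      '/usr/bin/systemctl status httpd',
    ],
  }

  # Members of WEBOPS may run only WEB_SVC as root and must authenticate.
  # Assumption: the alias names are emitted verbatim into the rule, which
  # is how sudoers itself resolves User_Alias and Cmnd_Alias references.
  sudo::user_specification { 'webops_httpd':
    user_list => [ 'WEBOPS' ],
    runas     => 'root',
    cmnd      => [ 'WEB_SVC' ],
    passwd    => true,
  }
}
```

After a Puppet run, visudo -c checks the resulting /etc/sudoers for syntax errors.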

Reference

Classes

Public Classes

  • sudo: Handles main /etc/sudoers file

Defined Types

Limitations

SIMP Puppet modules are generally intended to be used on a Red Hat Enterprise Linux-compatible distribution.

Development

Please read our Contribution Guide.

If you find any issues, they can be submitted to our JIRA.

Acceptance tests

To run the system tests, you need Vagrant installed.

You can then run the following to execute the acceptance tests:

   bundle exec rake beaker:suites

Some environment variables may be useful:

   BEAKER_debug=true
   BEAKER_provision=no
   BEAKER_destroy=no
   BEAKER_use_fixtures_dir_for_modules=yes
  • BEAKER_debug: show the commands being run on the SUT and their output.
  • BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
  • BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
  • BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests on isolated networks.