justinclayton/puppet-module-sudo

Change default setting of a "Default" without a template and without rewriting RHEL defaults

Closed this issue · 1 comments

OS: RHEL 7
I want to keep all OS defaults, but change "env_reset" to false, and require_tty to false.

How do I do this without creating my own template, and without manually setting all defaults in my manifest?

If I set keep_os_defaults to true, I get two files in /etc/sudoers.d/. One with Defaults require_tty (and other OS defaults), and the other with Defaults !require_tty (which is the setting that I want). This doesn't actually do what I want, as sudo now complains I have no tty :(

@felipe1982 - I did end up coming up with a workaround without doing anything extra and I've confirmed everything still works.

Background Info

We only configure sudo rules for users through /etc/sudoers.d/<username>, and as you mentioned above, if you were not aware, sudo will parse the files in ASCII alphabetical order, which means a filename like /etc/sudoers.d/amy or /etc/sudoers.d/melvin would get trumped by /etc/sudoers.d/os_defaults.

Solution:

    # sudo::conf expects that we have a template, but we cheat and turn it
    # into a string using stdlib join.

    # NOTE: you must use double quotes here or RUBY won't honor the newline.
    $user_sudoers_entry = join($sudo_rules, "\n")

    # In order to handle ASCII lexical parsing of sudoers.d/<filename> we
    # have to hack around how os_defaults is presented on the system.
    class { 'sudo':
      keep_os_defaults => false,
    } ->

    sudo::conf { $title:
      content => $user_sudoers_entry,
    } ->

    sudo::defaults { '00_os_defaults':
      defaults_hash => $sudo::params::os_defaults,
    }

I only configure sudoers through a single module so this is what I came up with and it works very well. I also wrote tests around it in our implementation to make sure it works.

I'm thinking I'll probably see if @justinclayton will accept a pull request to address this issue? If so, I'll get one in and make sure to write tests as well.
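The ordering effect discussed in this thread, as an added example (not code from the issue or from puppet-module-sudo): it resolves which drop-in file decides each boolean `Defaults` flag when files are applied in sorted lexical order. The function names and sample file contents are constructed for illustration; `requiretty` is the option name as spelled in sudoers, and the skip rule (names ending in `~` or containing `.`) follows sudo's documented handling of included directories.

```python
import re

# Global "Defaults" lines only; scoped forms (Defaults:user, Defaults@host,
# Defaults!cmnd, Defaults>runas) are left out of this example.
DEFAULTS_RE = re.compile(r"^\s*Defaults\s+(.+)$")

# Constructed sample drop-ins (not taken from a real host).
OS_DEFAULTS = "Defaults requiretty\nDefaults env_reset\n"
USER_RULES = "Defaults !requiretty, !env_reset\namy ALL=(ALL) ALL\n"


def included(name):
    """sudo skips drop-in files whose name ends in '~' or contains a '.'."""
    return not name.endswith("~") and "." not in name


def effective_flags(dropins):
    """Return {flag: (enabled, deciding_file)} for boolean Defaults flags.

    `dropins` maps a file name under sudoers.d to its text. Files are applied
    in sorted lexical order, so the last file that mentions a flag decides it.
    """
    result = {}
    for name in sorted(n for n in dropins if included(n)):
        for line in dropins[name].splitlines():
            match = DEFAULTS_RE.match(line.split("#", 1)[0])
            if not match:
                continue
            for item in match.group(1).split(","):
                item = item.strip()
                if not item or "=" in item:
                    continue  # valued settings are out of scope here
                enabled = not item.startswith("!")
                result[item.lstrip("!").strip()] = (enabled, name)
    return result


if __name__ == "__main__":
    # "os_defaults" sorts after "amy", so the OS values override the user file.
    print(effective_flags({"amy": USER_RULES, "os_defaults": OS_DEFAULTS}))
    # "00_os_defaults" sorts first, so the user file has the last word.
    print(effective_flags({"amy": USER_RULES, "00_os_defaults": OS_DEFAULTS}))
```

Running the same resolution over the real contents of /etc/sudoers.d after a Puppet run shows whether a renamed defaults file actually sorts ahead of the per-user files.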