
Puppet module to manage sudo


puppet-module-sudo

Manage sudo package and configuration files in /etc/sudoers.d/


Requirements

Requires sudo version 1.7.2 or later, which is where includedir was introduced.

Parameters

package

Package to be installed. Accepts a string or an array.

  • Default: 'sudo'

package_source

Source attribute of $package

  • Default: undef

package_ensure

Ensure attribute of $package

  • Default: 'present'

package_manage

Whether to manage the sudo package. Accepts a string or a boolean.

  • Default: 'true'

package_adminfile

Path to adminfile for package installation

  • Default: undef

config_dir

Path to sudoers include dir.

  • Default: '/etc/sudoers.d'

config_dir_group

Group attribute of $config_dir

  • Default: 'root'

config_dir_mode

Mode attribute of $config_dir

  • Default: '0750'

config_dir_ensure

Ensure attribute of $config_dir

  • Default: 'directory'

config_dir_purge

Purge attribute of $config_dir

  • Default: 'true'

sudoers

Hash of sudoers passed to sudo::fragments

  • Default: undef

sudoers_manage

Whether to manage $config_file and the files under $config_dir. Accepts a string or a boolean.

  • Default: 'true'

config_file

Path to sudoers file

  • Default: '/etc/sudoers'

config_file_group

Group of $config_file

  • Default: 'root'

config_file_owner

Owner of $config_file

  • Default: 'root'

config_file_mode

Mode of $config_file

  • Default: '0440'

requiretty

Enable requiretty option in sudoers file

  • Default: 'true'

visiblepw

Enable visiblepw option in sudoers file

  • Default: 'false'

always_set_home

Enable always_set_home option in sudoers file

  • Default: 'true'

envreset

Enable the env_reset option in sudoers file

  • Default: 'true'

envkeep

Array of environment variables for the env_keep option in sudoers file

  • Default: ['COLORS','DISPLAY','HOSTNAME','HISTSIZE','INPUTRC','KDEDIR','LS_COLORS','MAIL','PS1','PS2','QTDIR','USERNAME','LANG','LC_ADDRESS','LC_CTYPE','LC_COLLATE','LC_IDENTIFICATION','LC_MEASUREMENT','LC_MESSAGES','LC_MONETARY','LC_NAME','LC_NUMERIC','LC_PAPER','LC_TELEPHONE','LC_TIME','LC_ALL','LANGUAGE','LINGUAS','_XKB_CHARSET','XAUTHORITY']

secure_path

String of secure path in sudoers file

  • Default: '/sbin:/bin:/usr/sbin:/usr/bin'

root_allow_all

Enable sudo rule in sudoers file for root to get full access

  • Default: 'true'

includedir

Enable inclusion of fragments directory in sudoers file. Requires sudo >= 1.7.2

  • Default: 'true'

include_libsudo_vas

Enable inclusion of libsudo_vas plugin. Requires sudo >= 1.8

  • Default: 'false'

libsudo_vas_location

Location of libsudo_vas plugin

  • Default: 'USE_DEFAULTS', based on architecture

sudo::fragment parameters

ensure

Ensure attribute of the file created in $config_dir

  • Default: present

priority

Priority of the file

  • Default: 10

content

Content attribute of file

  • Default: undef

source

Source of the file

  • Default: undef

config_dir

Path to the folder

  • Default: $sudo::config_dir

config_dir_group

Group of the file

  • Default: $sudo::config_dir_group

Sample usage:

Grant sudo to the group admins and the user userX through Hiera:

sudo::sudoers:
  "admins":
    content: "%admins ALL=(ALL) NOPASSWD: ALL\n"
  "userX":
    content: "USERX ALL=(ALL) ALL\n"
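
A pre-deployment review check for sudo::sudoers Hiera data, as an added example that is not part of the module: it parses each fragment's content and reports rules that grant ALL commands, carry NOPASSWD, or allow any run-as user. The `deploy` fragment, the flag names and the function names are constructed for illustration, and only simple one-line user specifications are handled.

```ruby
require 'yaml'

# Constructed Hiera data: the two fragments from the sample usage plus a
# hypothetical, narrowly scoped 'deploy' fragment for comparison.
HIERA = <<~'YAML'
  sudo::sudoers:
    "admins":
      content: "%admins ALL=(ALL) NOPASSWD: ALL\n"
    "userX":
      content: "USERX ALL=(ALL) ALL\n"
    "deploy":
      priority: 20
      content: "deploy ALL=(root) /usr/bin/systemctl restart myapp\n"
YAML

# who host=(runas) [TAG:]... cmd[, cmd...]
RULE = /\A(?<who>\S+)\s+(?<host>[^=\s]+)\s*=\s*(?:\((?<runas>[^)]*)\)\s*)?(?<rest>.+)\z/

def parse_rule(line)
  m = RULE.match(line.strip)
  return nil unless m
  tags = []
  rest = m[:rest]
  while (t = rest.match(/\A([A-Z_]+):\s*/)) # leading tags such as NOPASSWD:
    tags << t[1]
    rest = t.post_match
  end
  { who: m[:who], runas: m[:runas], tags: tags,
    commands: rest.split(',').map(&:strip) }
end

# Returns one finding per rule that is broader than a fixed command list.
def audit(hiera_yaml)
  fragments = YAML.safe_load(hiera_yaml).fetch('sudo::sudoers', {})
  fragments.flat_map do |name, params|
    params['content'].to_s.each_line.map do |line|
      next if line.strip.empty? || line.start_with?('#', 'Defaults')
      rule = parse_rule(line) || {}
      flags = rule.empty? ? ['unparsed'] : []
      flags << 'all-commands' if rule[:commands].to_a.include?('ALL')
      flags << 'nopasswd' if rule[:tags].to_a.include?('NOPASSWD')
      flags << 'runas-any' if rule[:runas].to_s.split(':').first == 'ALL'
      { fragment: name, who: rule[:who], flags: flags } unless flags.empty?
    end.compact
  end
end

audit(HIERA).each { |f| puts "#{f[:fragment]}: #{f[:who]} -> #{f[:flags].join(', ')}" }
```

Fragments that use source instead of content have no inline rules and are skipped; review those files separately.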