ReleaseEngineering/PuppetAgain/Modules/sudoers: Difference between revisions
< ReleaseEngineering | PuppetAgain | Modules
Jump to navigation
Jump to search
(Created page with "This module manages the sudoers file. It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions. In particular: * local -- you...") |
No edit summary |
||
| Line 1: | Line 1: | ||
This module manages the sudoers file. | This module manages the sudoers file. | ||
It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions. | It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions. | ||
The ''sudoers'' module is included in the ''toplevel::base'', and ensures a basic sudoers config. Atop that can be layered both pre-defined additional rules, and custom rules. | |||
* reboot - allow | |||
= Pre-defined Rules = | |||
There are a few "canned" rules that serve particular purposes: | |||
* ''sudoers::reboot'' - allow the builder user to reboot with no password | |||
Canned rules like this should be used when they are included from a toplevel class. | |||
= Custom Rules = | |||
To add a custom rule, e.g., from another module, use | |||
sudoers::custom { | |||
'rulename': | |||
user => 'username', # user being given permission | |||
command => 'command'; # command they can run | |||
} | |||
Revision as of 01:59, 15 May 2012
This module manages the sudoers file.
It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions.
The sudoers module is included in the toplevel::base, and ensures a basic sudoers config. Atop that can be layered both pre-defined additional rules, and custom rules.
Pre-defined Rules
There are a few "canned" rules that serve particular purposes:
- sudoers::reboot - allow the builder user to reboot with no password
Canned rules like this should be used when they are included from a toplevel class.
Custom Rules
To add a custom rule, e.g., from another module, use
sudoers::custom {
'rulename':
user => 'username', # user being given permission
command => 'command'; # command they can run
}