Manages the sudo package and configuration files in /etc/sudoers.d/.
Requires sudo version 1.7.2 or later, which is where includedir
was introduced.
This module has been tested to work on the following systems with Puppet versions 5, 6 and 7 with the Ruby version associated with those releases. This module aims to support the current and previous major Puppet versions.
- Debian 7
- Debian 8
- EL 5
- EL 6
- EL 7
- SLED 10
- SLED 11
- SLED 12
- SLES 10
- SLES 11
- SLES 12
- Solaris 9
- Solaris 10
- Solaris 11
- Ubuntu 12.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 16.04 LTS
Package to be installed. Accept string or array.
- Default: 'sudo'
Source attribute of $package
- Default: undef
Ensure attribute of $package
- Default: 'present'
Manage sudo package or not. Accept string or boolean.
- Default: 'true'
Path to adminfile for package installation
- Default: undef
Path to sudoers include dir.
- Default: '/etc/sudoers.d'
Group attribute of $config_dir
- Default: 'root'
Mode attribute of $config_dir
- Default: '0750'
Ensure attribute of $config_dir
- Default: 'directory'
Purge attribute of $config_dir
- Default: 'true'
Hash of sudoers passed to sudo::fragments
- Default: undef
Manage $config_file file and files under $config_dir. Accepts string and boolean.
- Default: 'true'
Path to sudoers file
- Default: '/etc/sudoers'
Group of $config_file
- Default: 'root'
Owner of $config_file
- Default: 'root'
Mode of $config_file
- Default: '0440'
Enable requiretty option in sudoers file
- Default: 'true'
Enable visiblepw option in sudoers file
- Default: 'false'
Enable always_set_home option in sudoers file
- Default: 'true'
Enable envreset option in sudoers file
- Default: 'true'
Array of environment variables for envkeep option in sudoers file
- Default: ['COLORS','DISPLAY','HOSTNAME','HISTSIZE','INPUTRC','KDEDIR','LS_COLORS','MAIL','PS1','PS2','QTDIR','USERNAME','LANG','LC_ADDRESS','LC_CTYPE','LC_COLLATE','LC_IDENTIFICATION','LC_MEASUREMENT','LC_MESSAGES','LC_MONETARY','LC_NAME','LC_NUMERIC','LC_PAPER','LC_TELEPHONE','LC_TIME','LC_ALL','LANGUAGE','LINGUAS','_XKB_CHARSET','XAUTHORITY']
String of secure path in sudoers file
- Default: '/sbin:/bin:/usr/sbin:/usr/bin'
Enable sudo rule in sudoers file for root to get full access
- Default: 'true'
Enable inclusion of fragments directory in sudoers file. Requires sudo >= 1.7.2
- Defaults: 'true'
Enable inclusion of libsudo_vas plugin. Requires sudo >= 1.8
- Defaults: 'false'
Location of libsudo_vas plugin
- Defaults: 'USE_DEFAULTS', based on architecture
Sets Defaults option 'always_query_group_plugin'. Previously, all unknown system groups were automatically passed to the group plugin. This is no longer the case since 1.8.15. To pass unknown system groups to group_plugin, 'always_query_group_plugin' must be set.
Sudo lines with the syntax below will always use group_plugin to resolve groups for that specific entry:
%:Group
- Defaults: 'USE_DEFAULTS'
This option is automatically enabled if include_libsudo_vas is set to true and $::sudo_version >= 1.8.15.
Ensure attribute of the file created in $config_dir
- Default: present
Priority of the file
- Default: 10
Content attribute of file
- Default: undef
Source of the file
- Default: undef
Path to the folder
- Default: $sudo::config_dir
Group of the file
- Default: $sudo::config_dir_group
sudo for group admins and user userX through Hiera.
    sudo::sudoers:
      "admins":
        content: "%admins ALL=(ALL) NOPASSWD: ALL"
      "userX":
        content: "USERX ALL=(ALL) ALL"
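
A pre-merge check for Hiera data like the above, as an added example that is not part of this module: it flags fragments that grant NOPASSWD on ALL commands, negate requiretty or env_reset, or carry a name that sudo's includedir would skip. The sample entries beyond the two above are constructed; it assumes the fragment name becomes part of the file name under the include dir and that 'source' is the key for the fragment's source attribute.

```ruby
require 'yaml'

# Constructed sample Hiera data: the page's two entries plus two made-up ones.
SAMPLE_HIERA = <<~YAML
  sudo::sudoers:
    "admins":
      content: "%admins ALL=(ALL) NOPASSWD: ALL"
    "userX":
      content: "USERX ALL=(ALL) ALL"
    "backup.ops":
      content: "backup ALL=(root) NOPASSWD: /usr/bin/rsync"
    "empty": {}
YAML

# Returns { fragment_name => [findings] } for entries that need review.
def lint_sudoers(hiera_yaml)
  data = YAML.safe_load(hiera_yaml) || {}
  fragments = data['sudo::sudoers'] || {}
  report = {}
  fragments.each do |name, attrs|
    attrs ||= {}
    findings = []
    # sudo's includedir skips file names that contain '.' or end in '~'.
    # Assumption: the fragment name becomes part of the file name.
    findings << 'name would be skipped by includedir' if name.to_s.include?('.') || name.to_s.end_with?('~')
    # Assumption: 'source' is the key for the fragment's source attribute.
    findings << 'no content or source' if attrs['content'].nil? && attrs['source'].nil?
    attrs['content'].to_s.each_line do |line|
      rule = line.strip
      next if rule.empty? || rule.start_with?('#')
      # Passwordless access to every command: NOPASSWD: followed by ALL.
      findings << 'NOPASSWD on ALL commands' if rule =~ /NOPASSWD:\s*ALL\s*(,|$)/
      # The requiretty and env_reset settings can be negated per fragment.
      findings << 'overrides a Defaults hardening option' if rule =~ /^Defaults\S*\s+.*!(requiretty|env_reset)\b/
    end
    report[name] = findings unless findings.empty?
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  lint_sudoers(SAMPLE_HIERA).each { |name, f| puts "#{name}: #{f.join('; ')}" }
end
```
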