diff --git a/sudo/files/sudoers b/sudo/files/sudoers
new file mode 100644
index 0000000..209b845
--- /dev/null
+++ b/sudo/files/sudoers
@@ -0,0 +1,13 @@
+# /etc/sudoers
+#
+# This file MUST NOT be edited. It is managed by puppet.
+#
+
+Defaults env_reset
+Defaults requiretty
+
+# Allow root to run any commands anywhere
+root ALL=(ALL) ALL
+
+# Include managed users and groups
+#includedir /etc/sudoers.d
diff --git a/sudo/manifests/init.pp b/sudo/manifests/init.pp
new file mode 100644
index 0000000..ec6eba6
--- /dev/null
+++ b/sudo/manifests/init.pp
@@ -0,0 +1,56 @@
+# Install sudo and sudoers file.
+#
+class sudo {
+
+ package { "sudo":
+ ensure => installed,
+ }
+
+ file { "/etc/sudoers.d":
+ ensure => directory,
+ mode => 0440,
+ owner => root,
+ group => root,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///custom/empty",
+ require => Package["sudo"],
+ }
+
+ file { "/etc/sudoers":
+ ensure => present,
+ mode => 0440,
+ owner => root,
+ group => root,
+ source => "puppet:///sudo/sudoers",
+ require => File["/etc/sudoers.d"],
+ }
+
+}
+
+# Add sudoer.
+#
+# === Parameters
+#
+# $name:
+# User or group. Prefix group name with %.
+# $where:
+# Defaults to ALL.
+# $as_whom:
+# Defaults to ALL.
+# $what:
+# Defaults to ALL.
+#
+define sudo::sudoer($where="ALL", $as_whom="ALL", $what="ALL") {
+
+ file { "/etc/sudoers.d/${name}":
+ ensure => present,
+ mode => 0440,
+ owner => root,
+ group => root,
+ content => "${name}\t${where}=(${as_whom})\t${what}\n",
+ require => File["/etc/sudoers"],
+ }
+
+}
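Review bot: `Defaults env_reset` is set without a `secure_path`, so the `PATH` used to resolve commands run through sudo is still taken from the invoking user's environment. A line such as `Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin` after `Defaults requiretty` would pin it. Separately, the final `#includedir /etc/sudoers.d` is an active directive, not a comment, and it is easy to misread next to the real comments above it. A line such as `# NOTE: the leading '#' below is part of the directive; do not remove it` would guard against an accidental edit.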
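Review bot: In `sudo::sudoer`, `${name}` is used unchanged as the file name under `/etc/sudoers.d`, but sudo's `#includedir` skips any file whose name contains a `.` or ends in `~`. A dotted login as the resource title would therefore produce a fragment that is written but never read. Derive the file name from a sanitised copy, e.g. `$fragment = regsubst($name, '[^A-Za-z0-9_-]', '_', 'G')` with `file { "/etc/sudoers.d/${fragment}":`, and keep `${name}` in `content`. The same resource also installs `$where`, `$as_whom` and `$what` with no syntax check, and a parse error in any included fragment makes sudo refuse to run. If the Puppet version in use supports it, `validate_cmd => '/usr/sbin/visudo -c -f %'` (visudo path adjusted per platform) on this resource and on `File["/etc/sudoers"]` would reject a broken file before it is put in place.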