puppet/sudo/manifests/init.pp

# Install sudo and sudoers file.
#
class sudo {

    # Group that owns every file managed by this class: wheel on OpenBSD,
    # root everywhere else.
    $sudoers_group = $::operatingsystem ? {
        'openbsd' => 'wheel',
        default   => 'root',
    }

    # The package is managed on every platform except OpenBSD (presumably
    # because sudo is already present there -- confirm for the OpenBSD
    # releases in use).
    if $::operatingsystem != 'OpenBSD' {
        package { 'sudo':
            ensure => installed,
            before => File['/etc/sudoers.d'],
        }
    }

    # Drop-in directory. recurse + purge against the "empty" module source
    # (an empty directory, judging by its name) removes every entry that is
    # not declared in the catalog, so sudo rules added by hand or by another
    # package do not survive an agent run.
    # NOTE(review): Puppet adds the search bit to directories wherever the
    # read bit is set, so 0440 should end up as 0550 on the directory itself
    # -- confirm on a managed host.
    file { '/etc/sudoers.d':
        ensure  => directory,
        owner   => 'root',
        group   => $sudoers_group,
        mode    => '0440',
        source  => 'puppet:///modules/custom/empty',
        recurse => true,
        purge   => true,
        force   => true,
    }

    # Main policy file, shipped verbatim from the module and applied only
    # after the drop-in directory is in place.
    # NOTE(review): the file is installed without a syntax check. A sudoers
    # file that fails to parse stops sudo from working; on Puppet versions
    # that support it, a validate_cmd running `visudo -c -f %` (with the full
    # path of visudo on the target OS) would reject a broken file before it
    # replaces the current one.
    file { '/etc/sudoers':
        ensure  => present,
        owner   => 'root',
        group   => $sudoers_group,
        mode    => '0440',
        source  => 'puppet:///modules/sudo/sudoers',
        require => File['/etc/sudoers.d'],
    }

}
# Install fake sudo
#
class sudo::fake {

    # Places the module's "fakesudo" file at the path of the real binary.
    # Mode 0555 carries no setuid bit, so the installed file cannot raise
    # privileges by itself; what it does when run is defined by the module
    # file, which is not part of this manifest.
    # NOTE(review): a package-installed /usr/bin/sudo would be overwritten by
    # this resource -- presumably the class is meant for hosts that do not
    # include the sudo class; confirm.
    file { '/usr/bin/sudo':
        ensure => present,
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/sudo/fakesudo',
    }

}
# Add sudoer.
#
# === Parameters
#
# $who:
# User or group. Prefix group name with %. Defaults to $name.
# $where:
# Defaults to ALL.
# $as_whom:
# Defaults to ALL.
# $what:
# Defaults to ALL.
#
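define sudo::sudoer(
    $who=undef,
    $where="ALL",
    $as_whom="ALL",
    $what="ALL"
) {

    # Writes one sudoers rule, "<who> <where>=(<as_whom>) <what>", into its
    # own drop-in file. With every parameter left at its default the rule is
    # "<name> ALL=(ALL) ALL", i.e. unrestricted; pass $what (and $as_whom)
    # to grant less than that.

    # The resource title is the subject of the rule unless $who is given.
    if $who {
        $who_real = $who
    } else {
        $who_real = $name
    }

    # File name for the drop-in. Every '%' (group prefix) and every '/' in
    # the title is replaced, so the file always lands directly inside
    # /etc/sudoers.d; previously only the first '%' was replaced and a title
    # containing '/' produced a path outside or below that directory.
    # NOTE(review): sudo's #includedir skips files whose names contain '.'
    # or end in '~'. If /etc/sudoers pulls this directory in that way, a
    # title such as "first.last" yields a rule that is never read -- confirm
    # against the sudoers file and the titles in use.
    $name_real = regsubst($name, '[%/]', '_', 'G')

    # NOTE(review): the four fields are written into the rule verbatim. If
    # any of them is fed from external data (Hiera, an ENC), validate it
    # first: an embedded newline would add further lines to the drop-in.
    file { "/etc/sudoers.d/${name_real}":
        ensure  => present,
        mode    => "0440",
        owner   => "root",
        group   => $::operatingsystem ? {
            "openbsd" => "wheel",
            default   => "root",
        },
        content => "${who_real}\t${where}=(${as_whom})\t${what}\n",
        require => File["/etc/sudoers"],
    }

}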
# Disable sudo
#
# Cannot remove the sudo package itself due to dependencies
#
class sudo::disable {

    # The resource title is the command that runs. It strips every
    # permission bit from the binary, including setuid, and only fires while
    # `test -u` still finds the setuid bit, so it does not re-run once the
    # bit is gone.
    # NOTE(review): only /usr/bin/sudo is checked. Anything that reinstalls
    # the binary (a package update, presumably) would bring the setuid bit
    # back until the next agent run -- confirm this window is acceptable.
    exec { 'chmod 0000 /usr/bin/sudo':
        onlyif => 'test -u /usr/bin/sudo',
        path   => '/bin:/usr/bin:/sbin:/usr/sbin',
        user   => 'root',
    }

}