On May 7, 2010, at 9:45 AM, Pieter Baele wrote:

> We use a script to edit /etc/sudoers temporarily to provide sudo access to 
> clients for a limited time.
> A cron job checks for a var and after a defined time the line is deleted.
> 
> But this way, /etc/sudoers can't be managed by Puppet, because it will be 
> overwritten by puppet.

I use Augeas for `sudoers`. This allows you to manage individual entries, 
instead of replacing the entire file. For instance, this will add an entry for 
a user named “joe” unless that entry already exists.

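    # Append one sudoers entry ("joe ALL=(ALL) ALL") without touching the rest of the file.
    augeas { "sudojoe":
      context => "/files/etc/sudoers",
      changes => [
        # Create a new spec node after the last existing one, then fill it in.
        "set spec[last() + 1]/user joe",
        "set spec[last()]/host_group/host ALL",
        "set spec[last()]/host_group/command ALL",
        "set spec[last()]/host_group/command/runas_user ALL",
      ],
      # Apply only when no entry for joe exists yet, so runs stay idempotent.
      onlyif => "match *[user = 'joe'] size == 0",
    }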


-- 
Rob McBroom
<http://www.skurfer.com/>
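
The revoke side of the temporary-access problem from the quoted question, as an added example that is not part of the original post: the same Augeas approach wrapped so that one entry can be granted or removed while the rest of `sudoers` stays untouched. The defined type name `sudo_grant`, its parameters and the Puppet 4+ type syntax are assumptions for illustration.

```puppet
# Added example (not from the original post). `sudo_grant` is a hypothetical
# defined type; assumes Puppet 4+ syntax and the stock Augeas sudoers lens.
define sudo_grant (
  Enum['present', 'absent'] $ensure = 'present',
  # Restrict the name: it is interpolated into Augeas path expressions below.
  Pattern[/\A[a-z_][a-z0-9_-]*\z/] $user = $title,
) {
  if $ensure == 'present' {
    # Same full-root entry as in the post: "<user> ALL=(ALL) ALL".
    augeas { "sudo_grant_${user}":
      context => '/files/etc/sudoers',
      changes => [
        "set spec[last() + 1]/user ${user}",
        'set spec[last()]/host_group/host ALL',
        'set spec[last()]/host_group/command ALL',
        'set spec[last()]/host_group/command/runas_user ALL',
      ],
      # Skip when an entry for this user already exists.
      onlyif  => "match spec[user = '${user}'] size == 0",
    }
  } else {
    # Remove every spec whose user matches; other entries are left alone.
    augeas { "sudo_revoke_${user}":
      context => '/files/etc/sudoers',
      changes => "rm spec[user = '${user}']",
      # Skip when there is nothing to remove, so the run reports no change.
      onlyif  => "match spec[user = '${user}'] size > 0",
    }
  }
}

# Constructed usage: revoke joe's entry once the access window has closed.
sudo_grant { 'joe': ensure => 'absent' }
```

Because the entry grants unrestricted root, keeping the revoke step in the catalog means a missed cron run cannot leave the access in place past the next Puppet run.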

