On Jun 1, 2010, at 11:47 AM, Rob McBroom wrote:

> I use Augeas for `sudoers`. This allows you to manage individual entries,
> instead of replacing the entire file. For instance, this will add an entry
> for a user named “joe” unless that entry already exists.
>
>     augeas { "sudojoe":
>       context => "/files/etc/sudoers",
>       changes => [
>         "set spec[last() + 1]/user joe",
>         "set spec[last()]/host_group/host ALL",
>         "set spec[last()]/host_group/command ALL",
>         "set spec[last()]/host_group/command/runas_user ALL",
>       ],
>       onlyif => "match *[user = 'joe'] size == 0",
>     }

As I posted that, I thought there might be a better way (even though I've been using the above for weeks). Here's the better way:

    augeas { "sudojoe":
      context => "/files/etc/sudoers",
      changes => [
        "set spec[user = 'joe']/user joe",
        "set spec[user = 'joe']/host_group/host ALL",
        "set spec[user = 'joe']/host_group/command ALL",
        "set spec[user = 'joe']/host_group/command/runas_user ALL",
      ],
    }

This creates the user's entry only if it doesn't exist, but has the added benefit that changes to the host, command, etc. will get applied to an existing entry. The original would create an entry, but would never modify it if it existed.

--
Rob McBroom
<http://www.skurfer.com/>
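
The predicate-based pattern from the message above, generalized into a reusable defined type. This is an added example, not code from the original post; it assumes Puppet 4 or later syntax, and the type name `sudoers_spec`, its parameters, and the `deploy` sample values are hypothetical.

```puppet
# Hypothetical defined type (name and parameters are assumptions, not from
# the post). It wraps the "spec[user = '...']" pattern so that each user's
# entry is created when missing and converged when it already exists.
define sudoers_spec (
  # The user name is interpolated into an Augeas path expression, so it is
  # restricted to a conservative character set: no quotes, brackets or spaces.
  Pattern[/\A[a-z_][a-z0-9_-]*\z/] $user       = $title,
  String[1]                        $host       = 'ALL',
  String[1]                        $command    = 'ALL',
  String[1]                        $runas_user = 'ALL',
) {
  # Every change selects the spec node by its user. A later run matches the
  # node an earlier run created instead of appending a duplicate, which is
  # why no onlyif guard is needed.
  $spec = "spec[user = '${user}']"

  augeas { "sudoers-spec-${user}":
    context => '/files/etc/sudoers',
    changes => [
      "set ${spec}/user ${user}",
      "set ${spec}/host_group/host ${host}",
      # Quoted because a command may contain spaces (arguments).
      "set ${spec}/host_group/command '${command}'",
      "set ${spec}/host_group/command/runas_user ${runas_user}",
    ],
  }
}

# Broad entry, equivalent to the one in the post.
sudoers_spec { 'joe': }

# Narrower entry: a single command, run as root only (constructed values).
sudoers_spec { 'deploy':
  command    => '/usr/bin/systemctl restart myapp',
  runas_user => 'root',
}
```

Because the entry is selected by user, this form manages one spec per user; changing `command` or `runas_user` on a later run rewrites that existing entry rather than adding a second one.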