> On Jun 1, 2010, at 11:47 AM, Rob McBroom wrote:
>
>> I use Augeas for `sudoers`. This allows you to manage individual entries,
>> instead of replacing the entire file. For instance, this will add an
>> entry for a user named “joe” unless that entry already exists.
>>
>> augeas { "sudojoe":
>>   context => "/files/etc/sudoers",
>>   changes => [
>>     "set spec[last() + 1]/user joe",
>>     "set spec[last()]/host_group/host ALL",
>>     "set spec[last()]/host_group/command ALL",
>>     "set spec[last()]/host_group/command/runas_user ALL",
>>   ],
>>   onlyif => "match *[user = 'joe'] size == 0",
>> }

I've only been following this thread on and off, so forgive me if someone else mentioned it already - but one solution to your problem could be pam_time. This allows you to create a file that lists when users can access the system. If the people you are restricting are still accessing the system 24/7 (and are only limited in commands they can run at certain times), then this may not be the best solution for you. However, if you only want certain users to be able to do certain things on certain systems at certain times, this may be a better solution than cron'ing jobs to modify files :)
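
The pam_time approach mentioned above, sketched as a Puppet manifest (an added example, not code from this thread or from the Puppet project). It assumes Linux-PAM's default paths `/etc/security/time.conf` and `/etc/pam.d/sudo`, a PAM service named `sudo`, the user `joe` from the quoted post, and constructed working hours; the class name `sudo_hours` is hypothetical.

```puppet
# Added example: limit the hours in which joe may use sudo via pam_time.
# Class name, hours and the choice of the "sudo" service are assumptions.
class sudo_hours {

  # time.conf rules have four ';'-separated fields:
  #   services ; ttys ; users ; times
  # Wk = weekdays, Wd = weekend days, Al = every day; times are HHMM-HHMM.
  # A user who matches a rule is allowed only inside the listed times;
  # users who match no rule are not restricted by pam_time.
  file { '/etc/security/time.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "# Managed by Puppet\nsudo;*;joe;Wk0800-1800\n",
  }

  # pam_time is only consulted by services that list it in their account
  # stack. Append it to sudo's PAM file unless it is already present,
  # using the same onlyif guard style as the sudoers entry quoted above.
  augeas { 'pam_time_for_sudo':
    context => '/files/etc/pam.d/sudo',
    changes => [
      'set 01/type account',
      'set 01/control required',
      'set 01/module pam_time.so',
    ],
    onlyif  => "match *[type = 'account'][module = 'pam_time.so'] size == 0",
    require => File['/etc/security/time.conf'],
  }
}

include sudo_hours
```

The entry is appended to the end of the PAM file, so an earlier `sufficient` account module that succeeds would skip it; check the resulting stack order on the target distribution. The rule controls when joe may use sudo at all, not which commands he may run.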