On 07/20/2011 09:37 PM, Jon Jaroker wrote:
> Hello, I was wondering if anyone can spot the mistake I am making in
> the file-fragments pattern below.

You probably want to drop ALL your fragments into the
fragments directory, including the head fragment.
Use naming conventions to establish order.
Then the exec that validates should use a command like

    cat $dir/* > $check && visudo -cf $check && cat $check > /etc/sudoers

to get it all done in a one-liner that early-outs on error. $check is just

    file { $check: ensure => file, mode => '0600', owner => root, }

to make sure it is there with the right properties.

For what it's worth, here is a simple sudo class.
It works on distros that provide the /etc/sudoers.d directory.
Tested on debian squeeze.
--vagn

# Grant $name full sudo rights (password required) via a drop-in file.
define sudo::sudoer() {
  $username = "$name"
  include sudo
  file { "/etc/sudoers.d/$username":
    content => "$username ALL=(ALL) ALL\n",
    mode    => '0440', owner => root, group => root,
    require => Package[ "sudo" ],
  }
}

# Grant $name full sudo rights without a password prompt.
define sudo::nopasswd() {
  $username = "$name"
  include sudo
  file { "/etc/sudoers.d/$username":
    content => "$username ALL=NOPASSWD: ALL\n",
    mode    => '0440', owner => root, group => root,
    require => Package[ "sudo" ],
  }
}

class sudo() {
  package { "sudo":
    ensure => installed,
  }
  # Wrapper script: with no arguments it opens a root login shell,
  # otherwise it runs its arguments under sudo.
  file { "/usr/bin/sus":
    content => "if [ $# -eq 0 ] ; then exec sudo su - ; else exec sudo \"$@\" ; fi",
    mode    => '0775', owner => root, group => root,
    require => Package[ "sudo" ],
  }
}
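
The assemble, validate, install flow described in the message above, written out as an added shell example that is not part of the original post. The function name `build_sudoers`, the `VALIDATE` override (default `visudo -cf`), the fragment directory in the usage comment and the skipping of backup-style file names are assumptions of this example.

```shell
#!/bin/sh
# Added example: build sudoers from ordered fragments, validate, then install.
# Usage (hypothetical paths): build_sudoers /etc/sudoers.fragments /etc/sudoers
# VALIDATE is an assumed override hook; it defaults to "visudo -cf".

build_sudoers() {
    frag_dir=$1 target=$2
    validate=${VALIDATE:-"visudo -cf"}

    # Create the candidate next to the target so the final mv is an atomic
    # rename on the same filesystem. mktemp creates the file with mode 0600.
    check=$(mktemp "$(dirname "$target")/.sudoers.check.XXXXXX") || return 1

    # Glob expansion is sorted, so names such as 00-head, 10-admins fix the order.
    # Names containing '.' or ending in '~' are skipped (the same convention sudo
    # applies to /etc/sudoers.d), which keeps editor backups out of the result.
    found=0
    for f in "$frag_dir"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in *.*|*~) continue ;; esac
        cat "$f" >> "$check" || { rm -f "$check"; return 1; }
        found=1
    done

    # Early-out: with no fragments or a failed syntax check, the live file
    # is never touched and the candidate is discarded.
    if [ "$found" -eq 0 ] || ! $validate "$check" >/dev/null 2>&1; then
        rm -f "$check"
        return 1
    fi

    # Only a validated candidate replaces the target, in a single rename.
    chmod 0440 "$check" && mv -f "$check" "$target"
}
```

Unlike `cat $check > /etc/sudoers`, the rename never leaves a half-written sudoers file in place if the copy is interrupted.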