ReleaseEngineering/PuppetAgain/Modules/sudoers

This module manages the sudoers file.

It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions.

The sudoers module is included in toplevel::base and ensures a basic sudoers config. Both pre-defined additional rules and custom rules can be layered on top of that.

Pre-defined Rules

There are a few "canned" rules that serve particular purposes:

  • sudoers::reboot - allow the builder user to reboot with no password

Use canned rules like this when the rule is included from a toplevel class.

Custom Rules

To add a custom rule, e.g., from another module, use:

 sudoers::custom {
     'rulename':
         user => 'username',    # user being given permission
         command => 'command';  # command they can run
 }
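
As an added illustration (not the PuppetAgain module's own code), here is one way a define with the same user/command interface could write a snippet into /etc/sudoers.d so that a malformed rule never reaches the live configuration. The define name example_sudoers::rule, the nopasswd parameter, the rendered rule line and the visudo path are all assumptions.

```puppet
# Hypothetical define; NOT the implementation of sudoers::custom.
define example_sudoers::rule (
    $user,
    $command,
    $nopasswd = false   # assumption: password prompt stays on unless asked otherwise
) {
    # sudo's #includedir skips file names that contain '.' or end in '~',
    # so only accept rule names that will always be read.
    if $name !~ /\A[A-Za-z0-9_-]+\z/ {
        fail("example_sudoers::rule: invalid rule name '${name}'")
    }

    # Require a single-line absolute path: no PATH lookup, and no way to
    # smuggle a second sudoers line into the snippet.
    if $command !~ /\A\/[^\r\n]+\z/ {
        fail("example_sudoers::rule: command must be an absolute path: '${command}'")
    }

    $prefix = $nopasswd ? {
        true    => 'NOPASSWD: ',
        default => '',
    }

    file {
        "/etc/sudoers.d/${name}":
            ensure       => file,
            owner        => 'root',
            group        => 'root',  # assumption: adjust per platform (e.g. wheel)
            mode         => '0440',
            content      => "${user} ALL=(root) ${prefix}${command}\n",
            # Puppet substitutes '%' with the path of the new content and only
            # replaces the target file if the command exits 0.
            validate_cmd => '/usr/sbin/visudo -c -f %';
    }
}
```

Because validate_cmd runs before the file is replaced, a syntax error fails the Puppet run and leaves the existing sudoers configuration untouched.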