ReleaseEngineering/PuppetAgain/Modules/sudoers
From MozillaWiki
< ReleaseEngineering | PuppetAgain | Modules
This module manages the sudoers file.
It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions.
The sudoers module is included in the toplevel::base, and ensures a basic sudoers config. Atop that can be layered both pre-defined additional rules, and custom rules.
Pre-defined Rules
There are a few "canned" rules that serve particular purposes:
- sudoers::reboot - allow the builder user to reboot with no password
Canned rules like this should be used when they are included from a toplevel class.
Custom Rules
To add a custom rule, e.g., from another module, use
sudoers::custom { 'rulename': user => 'username', # user being given permission command => 'command'; # command they can run }