ReleaseEngineering/PuppetAgain/Modules/sudoers: Difference between revisions

no edit summary
(Created page with "This module manages the sudoers file. It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions. In particular: * local -- you...")
 
No edit summary
Line 1: Line 1:
This module manages the sudoers file.
This module manages the sudoers file.


It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions. In particular:
It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions.


* local -- you can put one-off rules in here by hand, but of course, you wouldn't do that, right?
The ''sudoers'' module is included in the ''toplevel::base'', and ensures a basic sudoers config.  Atop that can be layered both pre-defined additional rules, and custom rules.
* reboot - allow cltbld to reboot with no password
 
= Pre-defined Rules =
 
There are a few "canned" rules that serve particular purposes:
 
* ''sudoers::reboot'' - allow the builder user to reboot with no password
 
Canned rules like this should be used when they are included from a toplevel class.
 
= Custom Rules =
 
To add a custom rule, e.g., from another module, use
 
  sudoers::custom {
      'rulename':
          user => 'username',    # user being given permission
          command => 'command';  # command they can run
  }
canmove, Confirmed users
1,394

edits