canmove, Confirmed users
1,394
edits
(Created page with "This module manages the sudoers file. It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions. In particular: * local -- you...") |
No edit summary |
||
Line 1: | Line 1: | ||
This module manages the sudoers file. | This module manages the sudoers file. | ||
It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions. | It sets up /etc/sudoers.d into which snippets of sudoers files can be dropped to enable particular actions. | ||
The ''sudoers'' module is included in the ''toplevel::base'', and ensures a basic sudoers config. Atop that can be layered both pre-defined additional rules, and custom rules. | |||
* reboot - allow | |||
= Pre-defined Rules = | |||
There are a few "canned" rules that serve particular purposes: | |||
* ''sudoers::reboot'' - allow the builder user to reboot with no password | |||
Canned rules like this should be used when they are included from a toplevel class. | |||
= Custom Rules = | |||
To add a custom rule, e.g., from another module, use | |||
sudoers::custom { | |||
'rulename': | |||
user => 'username', # user being given permission | |||
command => 'command'; # command they can run | |||
} |