sudo
: This module manages sudo
sudo::allow
: Creates a file in sudoers.d that permits specific users and groups to sudo.
sudo::package
: Installs the sudo package on various platforms.
sudo::package::aix
: Installs the perzl.org sudo package. It also requires the openldap rpm, so we add a dependency on the ldap module.
sudo::package::solaris
: Installs sudo under Solaris 10/11.
sudo::params
: Params class for the sudo module
sudo::conf
: Manages sudo configuration snippets
sudo::defaults
: Formats sudoers defaults config see https://linux.die.net/man/5/sudoers Default_Type ::= 'Defaults' | 'Defaults' '@
Sudo::Defaults
: sudo defaults
Sudo::Defaults_operator
: custom datatype that validates sudo defaults operators
This module manages sudo
class { 'sudo': }
The following parameters are available in the sudo class:
enable
package
package_manage
package_ldap
package_ensure
package_source
package_provider
package_admin_file
purge
purge_ignore
suffix
prefix
config_file
config_file_replace
config_file_mode
config_dir
config_dir_mode
extra_include_dirs
content
content_template
content_string
secure_path
ldap_enable
delete_on_error
validate_single
config_dir_keepme
use_sudoreplay
wheel_config
sudoreplay_discard
configs
defaults
enable
Data type: Boolean
Ensure if present or absent.
Default value: true
package
Data type: Optional[String[1]]
Name of the package. Only set this if your platform is not supported or you know what you're doing.
Default value: $sudo::params::package
package_manage
Data type: Boolean
Whether or not to manage the sudo package.
Default value: true
package_ldap
Data type: Optional[String[1]]
Name of the package with ldap support, if ldap_enable is set.
Default value: $sudo::params::package_ldap
package_ensure
Data type: String[1]
Allows you to ensure a particular version of a package.
Default value: $sudo::params::package_ensure
package_source
Data type: Optional[String[1]]
Where to find the package. Only set this on AIX (required) and Solaris (required), if your platform is not supported or you know what you're doing.
Default value: $sudo::params::package_source
package_provider
Data type: Optional[String[1]]
Allows you to set a package provider.
Default value: $sudo::params::package_provider
package_admin_file
Data type: Optional[String[1]]
Where to find a Solaris 10 package admin file for an unattended installation. We do not supply a default file, so this has to be staged separately and is required on Solaris 10.
Default value: $sudo::params::package_admin_file
purge
Data type: Boolean
Whether or not to purge the sudoers.d directory.
Default value: true
purge_ignore
Data type: Optional[Variant[String[1], Array[String[1]]]]
Files to exclude from purging in the sudoers.d directory.
Default value: undef
suffix
Data type: Optional[String[1]]
Adds a custom suffix to all files created in the sudoers.d directory.
Default value: undef
prefix
Data type: Optional[Pattern[/^[^.]+$/]]
Adds a custom prefix to all files created in the sudoers.d directory.
Default value: undef
config_file
Data type: String[1]
Main configuration file. Only set this if your platform is not supported or you know what you're doing.
Default value: $sudo::params::config_file
config_file_replace
Data type: Boolean
Whether or not the config file should be replaced.
Default value: true
config_file_mode
Data type: String[1]
The mode to set on the config file.
Default value: $sudo::params::config_file_mode
config_dir
Data type: String[1]
Main directory containing sudo snippets, imported via the includedir stanza in the sudoers file.
Default value: $sudo::params::config_dir
config_dir_mode
Data type: String[1]
The mode to set for the config directory.
Default value: $sudo::params::config_dir_mode
extra_include_dirs
Data type: Optional[Array[String[1]]]
Array of additional directories containing sudo snippets.
Default value: undef
content
Data type: Optional[String[1]]
Alternate content template file location. Deprecated, use content_template instead.
Default value: undef
content_template
Data type: Optional[String[1]]
Alternate content template file location. Only set this if your platform is not supported or you know what you're doing. Note: some parameters won't work if the default template isn't used.
Default value: undef
content_string
Data type: Optional[String[1]]
Alternate config file content string. Note: some parameters won't work if the default template isn't used.
Default value: undef
secure_path
Data type: Optional[String[1]]
The secure_path variable in sudoers.
Default value: $sudo::params::secure_path
ldap_enable
Data type: Boolean
Enable ldap support on the package.
Default value: false
delete_on_error
Data type: Boolean
If true, the configuration is deleted when a complete visudo -c run reports an error. If false, it will just return an error and add a comment to the sudoers configuration so that the resource is checked again on the following run.
Default value: true
validate_single
Data type: Boolean
Validate the "single" file in the sudoers.d directory. If validation fails, the file will not be saved, or will not be changed if a file already exists.
Default value: false
config_dir_keepme
Data type: Boolean
Add a .keep-me file to the config dir.
Default value: $sudo::params::config_dir_keepme
use_sudoreplay
Data type: Boolean
Boolean to enable the usage of sudoreplay.
Default value: false
wheel_config
Data type: Enum['absent','password','nopassword']
How to configure the wheel group in /etc/sudoers. Options are either not to configure it, to configure it prompting for a password, or to configure it without a password prompt.
Default value: $sudo::params::wheel_config
sudoreplay_discard
Data type: Optional[Array[String[1]]]
Array of additional commands to discard in the sudo log.
Default value: undef
configs
Data type: Hash
A hash of sudo::conf's
Default value: {}
defaults
Data type: Sudo::Defaults
Default value: $sudo::params::defaults
This class allows you to take complete advantage of automatic parameter lookup using a Hiera database. Providing a singleton class that accepts arrays in the parameters makes it possible to implement specific user or group configuration in Hiera, whereas the use of defined types is normally restricted to Puppet manifests.
Furthermore, having separate parameters for "add" and "replace" modes allows you to take full advantage of inheritance in the Hiera database while still allowing for exceptions if required.
class { 'sudo::allow':
  add_users  => ['jsmith'],
  add_groups => ['wheel'],
}
The following parameters are available in the sudo::allow class:
add_users
Data type: Array
Define the set of users with sudo privileges by getting all values in the hierarchy for this key, then flattening them into a single array of unique values.
Default value: []
add_groups
Data type: Array
Define the set of groups with sudo privileges by getting all values in the hierarchy for this key, then flattening them into a single array of unique values.
Default value: []
replace_users
Data type: Optional[Array]
Override any values specified in add_users. If you specify this value in your manifest or Hiera database, the contents of "add_users" will be ignored. With Hiera, a standard priority lookup is used. Note that if replace_users is specified at ANY level of the hierarchy, then add_users is ignored at EVERY level of the hierarchy.
Default value: undef
replace_groups
Data type: Optional[Array]
Override any values specified in add_groups. If you specify this value in your manifest or Hiera database, the contents of "add_groups" will be ignored. With Hiera, a standard priority lookup is used. Note that if replace_groups is specified at ANY level of the hierarchy, then add_groups is ignored at EVERY level of the hierarchy.
Default value: undef
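The add/replace lookup rules above, modelled in Ruby as an added example (not Puppet or module code), so a reviewer can see who ends up with sudo and which data file decided it. The hierarchy file names and principals are constructed; the keys are the class-parameter names that automatic parameter lookup resolves.

```ruby
# Added model of the sudo::allow lookup rules; not Puppet or module code.
# Each level is one Hiera data file, highest priority first (constructed data).
HIERARCHY = [
  { name: 'nodes/db01.yaml',
    data: { 'sudo::allow::add_users' => ['dba1'] } },
  { name: 'role/database.yaml',
    data: { 'sudo::allow::add_users'  => %w[dba1 oncall],
            'sudo::allow::add_groups' => ['dbadmins'] } },
  { name: 'common.yaml',
    data: { 'sudo::allow::add_users'  => ['jsmith'],
            'sudo::allow::add_groups' => ['wheel'] } }
].freeze

# kind is 'users' or 'groups'. Returns who ends up with sudo and why.
def resolve_allow(hierarchy, kind)
  add_key     = "sudo::allow::add_#{kind}"
  replace_key = "sudo::allow::replace_#{kind}"

  # add_*: every level contributes; flatten to unique values.
  added = hierarchy.flat_map { |lvl| Array(lvl[:data][add_key]) }.uniq

  # replace_*: standard priority lookup, the first level that sets it wins,
  # and add_* is then ignored at every level.
  winner = hierarchy.find { |lvl| !lvl[:data][replace_key].nil? }
  if winner
    granted = winner[:data][replace_key].uniq
    return { mode: :replace, sources: [winner[:name]],
             granted: granted, masked: added - granted }
  end

  sources = hierarchy.select { |lvl| lvl[:data].key?(add_key) }
                     .map { |lvl| lvl[:name] }
  { mode: :add, sources: sources, granted: added, masked: [] }
end

# Copy of the hierarchy with replace_users set in one named level.
def with_replace(hierarchy, level_name, users)
  hierarchy.map do |lvl|
    next lvl unless lvl[:name] == level_name
    { name: lvl[:name],
      data: lvl[:data].merge('sudo::allow::replace_users' => users) }
  end
end
```

The `masked` list is the part worth reviewing: it names every principal whose add_users grant silently disappears once replace_users appears anywhere in the hierarchy.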
Define: sudo::conf
sudo::conf { 'admins':
  source => 'puppet:///files/etc/sudoers.d/admins',
}
The following parameters are available in the sudo::conf defined type:
Data type: Enum['present', 'absent']
Ensure if present or absent
Default value: present
Data type: Integer[0]
Prefix file name with $priority
Default value: 10
Data type: Optional[Variant[Array[String[1]], String[1]]]
Content of configuration snippet
Default value: undef
Data type: Optional[String[1]]
Source of configuration snippet
Default value: undef
Data type: Optional[String[1]]
Path of a template file
Default value: undef
Data type: Optional[String[1]]
Where to place configuration snippets. Only set this if your platform is not supported or you know what you're doing.
Default value: undef
Data type: Optional[String[1]]
Set a custom file name for the snippet
Default value: undef
Data type: String[1]
Path to use for executing the sudo syntax check
Default value: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
Type: Ruby 4.x API
Formats sudoers defaults config see https://linux.die.net/man/5/sudoers
Default_Type ::= 'Defaults' |
                 'Defaults' '@' Host_List |
                 'Defaults' ':' User_List |
                 'Defaults' '!' Cmnd_List |
                 'Defaults' '>' Runas_List
Default_Entry ::= Default_Type Parameter_List
Parameter_List ::= Parameter |
                   Parameter ',' Parameter_List
Parameter ::= Parameter '=' Value |
              Parameter '+=' Value |
              Parameter '-=' Value |
              '!'* Parameter
The function is passed an Array of Tuples e.g. [["env_reset", nil]] [["mailto", {"value" => root}]]
Returns: String
Data type: Any
sudo defaults
Alias of
Hash[String, Variant[Struct[{
  Optional[list]     => String,
  Optional[operator] => Sudo::Defaults_operator,
  Optional[value]    => Variant[String,Numeric],
}], Undef]]
custom datatype that validates sudo defaults operators
Alias of Enum['=', '+=', '-=', '!']
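The formatting that sudo::defaults and the Sudo::Defaults type describe, as an added Ruby sketch (not the module's own function). Assumed here: `list` carries the scope including its leading @, :, ! or > character, string values are double-quoted, and names, lists and values are checked so that data cannot start an extra sudoers line.

```ruby
# Added sketch; not the module's lib/ code. Input shape follows Sudo::Defaults.
OPERATORS = ['=', '+=', '-=', '!'].freeze       # Sudo::Defaults_operator
NAME      = /\A[a-z_]+\z/                       # assumed parameter-name form
SCOPE     = /\A[@:!>][^\s,]+(,[^\s,]+)*\z/      # assumed form of `list`

def quote_value(value)
  return value.to_s if value.is_a?(Numeric)
  # A newline or other control character would start a new sudoers line.
  raise ArgumentError, 'control character in value' if value.match?(/[\x00-\x1f]/)
  '"' + value.gsub(/["\\]/) { |c| "\\#{c}" } + '"'
end

def format_default(name, config)
  raise ArgumentError, "bad parameter name #{name.inspect}" unless name.match?(NAME)
  config ||= {}
  list = config['list'].to_s
  raise ArgumentError, "bad list #{list.inspect}" unless list.empty? || list.match?(SCOPE)
  # With a value and no operator, '=' is assumed.
  op = config['operator'] || (config.key?('value') ? '=' : nil)
  raise ArgumentError, "bad operator #{op.inspect}" unless op.nil? || OPERATORS.include?(op)

  head = "Defaults#{list}"
  case op
  when nil then "#{head} #{name}"               # plain boolean flag
  when '!'
    raise ArgumentError, "'!' takes no value" if config.key?('value')
    "#{head} !#{name}"                          # negated boolean flag
  else
    raise ArgumentError, "#{op} needs a value" unless config.key?('value')
    "#{head} #{name}#{op}#{quote_value(config['value'])}"
  end
end

# defaults is a Hash shaped like Sudo::Defaults; returns the sudoers text.
def format_defaults(defaults)
  defaults.map { |name, config| format_default(name, config) }.join("\n") + "\n"
end
```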