Defined Type: sudo::group
- Defined in:
- modules/sudo/manifests/group.pp
Overview
Define: sudo::group
Manages a sudo specification in /etc/sudoers.d.
Parameters
- privileges
-
Array of sudo privileges.
- group
-
User to which privileges should be assigned. Defaults to the resource title.
- sudo_flavor
-
sudo flavor to require. Options are sudo or sudoldap. Defaults to 'sudo'.
Examples
sudo::group { 'nagios_check_raid':
group => 'nagios',
privileges => [
'ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check-raid'
],
}
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
# File 'modules/sudo/manifests/group.pp', line 27
define sudo::group(
Array[String] $privileges = [],
Wmflib::Ensure $ensure = present,
String $group = $title,
# lint:ignore:wmf_styleguide
Enum['sudo','sudoldap'] $sudo_flavor = lookup('sudo_flavor', {default_value => 'sudo'}),
# lint:endignore
) {
if $sudo_flavor == 'sudo' or os_version('debian >= buster') {
require sudo
} else {
require sudo::sudoldap
}
$title_safe = regsubst($title, '\W', '-', 'G')
$filename = "/etc/sudoers.d/${title_safe}"
if $ensure == 'present' {
file { $filename:
ensure => $ensure,
owner => 'root',
group => 'root',
mode => '0440',
content => template('sudo/sudoers.erb'),
validate_cmd => '/usr/sbin/visudo -cqf %',
}
} else {
file { $filename:
ensure => $ensure,
}
}
}
|