As I have very recently dug into modifying sudoers myself, you may want to
look at the saz/sudo module at Puppet Forge. It allows you to do a lot of
different methods to create a sudoers file that fits the supported OS.
If you want to just do edits, you may want to look at the stdlib -
file_line type. There are examples for it that show sudoers specifically.
In my environment I am using the file_line with a matcher with a regular
expression to change the directory colors from dark blue to the lighter
blue.
class os_config::ls_dir_color ($dir_default_color = '01;34') {
# This is used to change the DIR color from dark blue to a brighter blue
to
# see it on a black background
# It will use the file_line
include stdlib
file_line { 'dir_colors':
path => '/etc/DIR_COLORS',
line => "DIR ${dir_default_color} # directory",
match => '^DIR\s*.*',
replace => true,
}
For sudoers you could do that to check if the line already exists to remove
it with ensure => absent or add it with ensure => present. Since I'm using
Foreman as a front-end to Puppet I use the smart parameters that I can
override on a host by host basis when needed. Here is a pseudo code
snippet that may do something like what you want.
class sudo::add_dba_perm ($ensure = 'present', $dba_perm_line = '%dba
ALL=ALL NOPASSWD: ALL') {
include stdlib
file_line { 'sudo_dba':
path => '/etc/sudoers',
ensure => $ensure,
line => $dba_perm_line,
match => '^%dba\s*.*',
replace => true,
}
Now I haven't coded or tested the above, but theoretically something coded
along these lines should work. As I don't yet have a full grasp on doing
defines and create_resources, I have to stay basic in my coding.
Hope this helps.
On Wednesday, April 26, 2017 at 10:14:34 PM UTC-4, Warron French wrote:
>
> Does it make sense to use the puppetlabs-inifile module when trying to
> modify the /etc/sudoers file?
>
> From my observations, the /etc/sudoers file isn't exactly laid out in an
> ini-stylized configuration; like the /etc/smb.conf is.
>
> Comments welcomed.
> --------------------------
> Warron French
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/95299141-786a-449d-a51d-dadfcedba7d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
