James, thanks for the reply. I didn't actually receive this message in my
Gmail mailbox for some reason. I logged into groups.google.com and found
that you had replied.
Anyway, now that I have read your input, I will mull it all over in my head.
Thanks again,
Warron
On Friday, April 28, 2017 at 9:45:38 AM UTC-4, James Perry wrote:
>
> As I have very recently dug into modifying sudoers myself, you may want to
> look at the saz/sudo module at Puppet Forge. It allows you to do a lot of
> different methods to create a sudoers file that fits the supported OS.
>
> If you want to just do edits, you may want to look at the stdlib -
> file_line type. There are examples for it that show sudoers specifically.
>
> In my environment I am using the file_line with a matcher with a regular
> expression to change the directory colors from dark blue to the lighter
> blue.
>
> class os_config::ls_dir_color ($dir_default_color = '01;34') {
> # This is used to change the DIR color from dark blue to a brighter blue
> to
> # see it on a black background
> # It will use the file_line
> include stdlib
>
> file_line { 'dir_colors':
> path => '/etc/DIR_COLORS',
> line => "DIR ${dir_default_color} # directory",
> match => '^DIR\s*.*',
> replace => true,
> }
>
> For sudoers you could do that to check if the line already exists to
> remove it with ensure => absent or add it with ensure => present. Since I'm
> using Foreman as a front-end to Puppet I use the smart parameters that I
> can override on a host by host basis when needed. Here is a pseudo code
> snippet that may do something like what you want.
>
> class sudo::add_dba_perm ($ensure = 'present', $dba_perm_line = '%dba
> ALL=ALL NOPASSWD: ALL') {
> include stdlib
>
> file_line { 'sudo_dba':
> path => '/etc/sudoers',
> ensure => $ensure,
> line => $dba_perm_line,
> match => '^%dba\s*.*',
> replace => true,
> }
>
> Now I haven't coded or tested the above, but theoretically something coded
> along these lines should work. As I don't yet have a full grasp on doing
> defines and create_resources, I have to stay basic in my coding.
>
> Hope this helps.
>
> On Wednesday, April 26, 2017 at 10:14:34 PM UTC-4, Warron French wrote:
>>
>> Does it make sense to use the puppetlabs-inifile module when trying to
>> modify the /etc/sudoers file?
>>
>> From my observations, the /etc/sudoers file isn't exactly laid out in an
>> ini-stylized configuration; like the /etc/smb.conf is.
>>
>> Comments welcomed.
>> --------------------------
>> Warron French
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/72e03cc1-b85e-418c-bbca-c2f58107c611%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
