Hi There,
Rather than building out files dynamically, have you considered possibly
deploying snippets of sudoers configuration out to nodes using the
/etc/sudoers.d/ framework that is available on many operating systems ?
This can be easily handled using the File type and applied to nodes as
required / classified.
However, it may not offer the flexibility you require.
K
On Tuesday, December 18, 2012 1:55:54 PM UTC, cncook001 wrote:
>
> I have a manifest like this
>
> class sudoer::spectrum {
>
> augeas { "sudoer_spectrum_cmdalias":
> context => "/files/etc/sudoers",
> changes => [
> "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/name
> SPECTRUM_CMDS",
> "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/command[1]
> '/bin/mount -o loop,ro /opt/CA/iso/* /opt/iso/spectrum/*'",
> "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/command[2]
> '/bin/umount /opt/iso/spectrum/*'",
> ],
> }
>
> augeas { "sudoer_spectrum":
> context => "/files/etc/sudoers",
> changes => [
> "set spec[user = 'spectrum']/user spectrum",
> "set spec[user = 'spectrum']/host_group/host ALL",
> "set spec[user = 'spectrum']/host_group/command/runas_user
> root",
> "set spec[user = 'spectrum']/host_group/command/tag NOPASSWD",
> "set spec[user = 'spectrum']/host_group/command SPECTRUM_CMDS",
> ],
> }
>
> }
>
> But this fails.
>
> The "loop,ro" upsets things.
>
> I also tried this
>
> "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/command[1]
> '/bin/mount -o loop\,ro /opt/CA/iso/* /opt/iso/spectrum/*'",
>
> But the \ is passed through to the client file.
>
> Cmnd_Alias SPECTRUM_CMDS = /bin/mount -o loop\,ro /optCA/iso/*
> /opt/iso/spectrum/* , /bin/umount /opt/iso/spectrum/*
>
>
> I see something called sep_com used with augeas, but I am not clear on how
> to use it.
>
> If I remove the ",ro" the sudoers file is upated on the client, but
> without the "ro", the mount command fails.
>
> How do I put a , in the middle of the line? Or, how do I add a : in the
> middle of the line as well, like this
>
> "set Cmnd_Alias[alias/name = 'SPECTRUM_CMDS']/alias/command[3]
> '/bin/chown -R spectrum:spectrum /opt/iso/spectrum/*'",
>
> Or, do I need to rethink how to update sudoers files?
>
> Thanks
>
> Craig
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/tvUvPwLyekMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
