As I have very recently dug into modifying sudoers myself, you may want to
look at the saz/sudo module at Puppet Forge. It allows you to do a lot of
different methods to create a sudoers file that fits the supported OS.
If you want to just do edits, you may want to look at the stdlib -
file_line type. There are examples for it that show sudoers specifically.
In my environment I am using the file_line with a matcher with a regular
expression to change the directory colors from dark blue to the lighter
blue.
class os_config::ls_dir_color ($dir_default_color = '01;34') {
# This is used to change the DIR color from dark blue to a brighter blue
to
# see it on a black background
# It will use the file_line
include stdlib
file_line { 'dir_colors':
path => '/etc/DIR_COLORS',
line => "DIR ${dir_default_color} # directory",
match => '^DIR\s*.*',
replace => true,
}
For sudoers you could do that to check if the line already exists to remove
it with ensure => absent or add it with ensure => present. Since I'm using
Foreman as a front-end to Puppet I use the smart parameters that I can
override on a host by host basis when needed. Here is a pseudo code
snippet that may do something like what you want.
class sudo::add_dba_perm ($ensure = 'present', $dba_perm_line = '%dba
ALL=ALL NOPASSWD: ALL') {
include stdlib
file_line { 'sudo_dba':
path => '/etc/sudoers',
ensure => $ensure,
line => $dba_perm_line,
match => '^%dba\s*.*',
replace => true,
}
Now I haven't coded or tested the above, but theoretically something coded
along these lines should work. As I don't yet have a full grasp on doing
defines and create_resources, I have to stay basic in my coding.
Hope this helps.
On Wednesday, April 26, 2017 at 10:14:34 PM UTC-4, Warron French wrote:
>
> Does it make sense to use the puppetlabs-inifile module when trying to
> modify the /etc/sudoers file?
>
> From my observations, the /etc/sudoers file isn't exactly laid out in an
> ini-stylized configuration; like the /etc/smb.conf is.
>
> Comments welcomed.
> --------------------------
> Warron French
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/95299141-786a-449d-a51d-dadfcedba7d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
