James, thanks for the reply. I didn't actually receive this message in my
Gmail mailbox for some reason. I logged into groups.google.com and found
that you had replied.
Anyway, now that I have read your input, I will mull it all over in my head.
Thanks again,
Warron
On Friday, April 28, 2017 at 9:45:38 AM UTC-4, James Perry wrote:
>
> As I have very recently dug into modifying sudoers myself, you may want to
> look at the saz/sudo module at Puppet Forge. It allows you to do a lot of
> different methods to create a sudoers file that fits the supported OS.
>
> If you want to just do edits, you may want to look at the stdlib -
> file_line type. There are examples for it that show sudoers specifically.
>
> In my environment I am using the file_line with a matcher with a regular
> expression to change the directory colors from dark blue to the lighter
> blue.
>
> class os_config::ls_dir_color ($dir_default_color = '01;34') {
> # This is used to change the DIR color from dark blue to a brighter blue
> to
> # see it on a black background
> # It will use the file_line
> include stdlib
>
> file_line { 'dir_colors':
> path => '/etc/DIR_COLORS',
> line => "DIR ${dir_default_color} # directory",
> match => '^DIR\s*.*',
> replace => true,
> }
>
> For sudoers you could do that to check if the line already exists to
> remove it with ensure => absent or add it with ensure => present. Since I'm
> using Foreman as a front-end to Puppet I use the smart parameters that I
> can override on a host by host basis when needed. Here is a pseudo code
> snippet that may do something like what you want.
>
> class sudo::add_dba_perm ($ensure = 'present', $dba_perm_line = '%dba
> ALL=ALL NOPASSWD: ALL') {
> include stdlib
>
> file_line { 'sudo_dba':
> path => '/etc/sudoers',
> ensure => $ensure,
> line => $dba_perm_line,
> match => '^%dba\s*.*',
> replace => true,
> }
>
> Now I haven't coded or tested the above, but theoretically something coded
> along these lines should work. As I don't yet have a full grasp on doing
> defines and create_resources, I have to stay basic in my coding.
>
> Hope this helps.
>
> On Wednesday, April 26, 2017 at 10:14:34 PM UTC-4, Warron French wrote:
>>
>> Does it make sense to use the puppetlabs-inifile module when trying to
>> modify the /etc/sudoers file?
>>
>> From my observations, the /etc/sudoers file isn't exactly laid out in an
>> ini-stylized configuration; like the /etc/smb.conf is.
>>
>> Comments welcomed.
>> --------------------------
>> Warron French
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/72e03cc1-b85e-418c-bbca-c2f58107c611%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
