{"id":15013931,"url":"https://github.com/saz/puppet-sudo","last_synced_at":"2025-05-14T05:00:29.772Z","repository":{"id":1543953,"uuid":"2101790","full_name":"saz/puppet-sudo","owner":"saz","description":"Manage sudo with Puppet on Debian-, RedHat- and SUSE-based linux distributions and some BSDs","archived":false,"fork":false,"pushed_at":"2025-02-28T13:16:33.000Z","size":482,"stargazers_count":106,"open_issues_count":9,"forks_count":216,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-05-09T10:52:01.771Z","etag":null,"topics":["configuration-management","puppet","sudo"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/saz.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2011-07-25T15:34:36.000Z","updated_at":"2025-04-02T18:11:52.000Z","dependencies_parsed_at":"2023-07-09T07:01:37.948Z","dependency_job_id":"9d366d91-95a2-4e07-8344-8efb87e79f56","html_url":"https://github.com/saz/puppet-sudo","commit_stats":{"total_commits":407,"total_committers":106,"mean_commits":3.839622641509434,"dds":0.683046683046683,"last_synced_commit":"61c615caf7850565a86a02b01ae3d5168453e3ba"},"previous_names":[],"tags_count":36,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saz%2Fpuppet-sudo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saz%2Fpuppet-sudo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saz%2Fpuppet-sudo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saz%2Fpuppet-sudo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/saz","download_url":"https://codeload.github.com/saz/puppet-sudo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254036843,"owners_count":22003654,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["configuration-management","puppet","sudo"],"created_at":"2024-09-24T19:44:57.968Z","updated_at":"2025-05-14T05:00:29.298Z","avatar_url":"https://github.com/saz.png","language":"HTML","readme":"# sudo module for Puppet\n\n[![Build Status](https://github.com/saz/puppet-sudo/workflows/CI/badge.svg)](https://github.com/saz/puppet-sudo/actions?query=workflow%3ACI)\n\nManage sudo configuration via Puppet\n\n### Supported OS\nSome family and some specific os are supported by this module\n* debian osfamily (debian, ubuntu, kali, ...)\n* redhat osfamily (redhat, centos, fedora, ...)\n* suse osfamily (suse, opensuse, ...)\n* solaris osfamily (Solaris, OmniOS, SmartOS, ...)\n* freebsd osfamily\n* openbsd osfamily\n* aix osfamily\n* darwin osfamily\n* gentoo operating system\n* archlinux operating system\n* amazon operating system\n\n## Usage\n\n### WARNING\n**This module will purge your current sudo config**\n\nIf this is not what you're expecting, set `purge` and/or `config_file_replace` to **false**\n\n### Install sudo with default sudoers\n\n#### Purge current sudo config\n```puppet\n    class { 'sudo': }\n```\n\n#### Purge sudoers.d directory, but leave sudoers file as it is\n```puppet\n    class { 'sudo':\n      config_file_replace =\u003e false,\n    }\n```\n\n#### Leave current sudo config as it is\n```puppet\n    class { 'sudo':\n      purge               =\u003e false,\n      config_file_replace =\u003e false,\n    }\n```\n\n#### Use LDAP along with sudo\n\nSudo do not always include by default the support for LDAP.\nOn Debian and Ubuntu a special package sudo-ldap will be used.\nOn Gentoo there is also the needing to include [puppet portage module by Gentoo](https://forge.puppetlabs.com/gentoo/portage). If not present, only a notification will be shown.\n\n```puppet\n    class { 'sudo':\n      ldap_enable =\u003e true,\n    }\n```\n\n### Adding sudoers configuration\n\n#### Using Code\n\n```puppet\n    class { 'sudo': }\n    sudo::conf { 'web':\n      source =\u003e 'puppet:///files/etc/sudoers.d/web',\n    }\n    sudo::conf { 'admins':\n      priority =\u003e 10,\n      content  =\u003e '%admins ALL=(ALL) NOPASSWD: ALL',\n    }\n    sudo::conf { 'joe':\n      priority =\u003e 60,\n      source   =\u003e 'puppet:///files/etc/sudoers.d/users/joe',\n    }\n```\n\n#### Using Hiera\n\nA hiera hash may be used to assemble the sudoers configuration.\nHash merging is also enabled, which supports layering the configuration settings.\n\nExamples using:\n- YAML backend\n- an environment called __production__\n- a __/etc/puppet/hiera.yaml__ hierarchy configuration:\n\n```yaml\n:hierarchy:\n  - \"%{environment}\"\n  - \"defaults\"\n```\n\n##### Load module\n\nLoad the module via Puppet Code or your ENC.\n\n```puppet\n    include sudo\n```\n\n##### Configure Hiera YAML __(defaults.yaml)__\n\nThese defaults will apply to all systems.\n\n```yaml\nsudo::configs:\n    'web':\n        'source'    : 'puppet:///files/etc/sudoers.d/web'\n    'admins':\n        'content'   : '%admins ALL=(ALL) NOPASSWD: ALL'\n        'priority'  : 10\n    'joe':\n        'priority'  : 60\n        'source'    : 'puppet:///files/etc/sudoers.d/users/joe'\n```\n\n##### Configure Hiera YAML __(production.yaml)__\n\nThis will only apply to the production environment.\nIn this example we are:\n- inheriting/preserving the __web__ configuration\n- overriding the __admins__ configuration\n- removing the __joe__ configuration\n- adding the __bill__ template\n\n```yaml\nlookup_options:\n  sudo::configs:\n    merge:\n      strategy: deep\n      merge_hash_arrays: true\n\nsudo::configs:\n    'admins':\n        'content'   : \"%prodadmins ALL=(ALL) NOPASSWD: ALL\"\n        'priority'  : 10\n    'joe':\n        'ensure'    : 'absent'\n        'source'    : 'puppet:///files/etc/sudoers.d/users/joe'\n    'bill':\n        'template'  : \"mymodule/bill.erb\"\n```\n\nIn this example we are:\n- inheriting/preserving the __web__ configuration\n- overriding the __admins:content__ setting\n- inheriting/preserving the __admins:priority__ setting\n- inheriting/preserving the __joe:source__ and __joe:priority__ settings\n- removing the __joe__ configuration\n- adding the __bill__ template\n\n```yaml\nlookup_options:\n  sudo::configs:\n    merge:\n      strategy: deep\n      merge_hash_arrays: true\n\nsudo::configs:\n    'admins':\n        'content'   : \"%prodadmins ALL=(ALL) NOPASSWD: ALL\"\n    'joe':\n        'ensure'    : 'absent'\n    'bill':\n        'template'  : \"mymodule/bill.erb\"\n```\n\n##### Override sudoers defaults\n\nYou can modify `Default_Entry` lines by passing a `Hash` to `sudo::defaults`, where the key is `Defaults` parameter name (see `man 5 sudoers` for more details):\n\n```yaml\nsudo::defaults:\n    lecture:\n      value: always\n    badpass_message:\n      value: \"Password is wrong, please try again\"\n    passwd_tries:\n      value: 5\n    insults:\n    mailto:\n      value: root@example.com\n```\n\n##### Set a custom name for the sudoers file\n\nIn some edge cases, the automatically generated sudoers file name is insufficient. For example, when an application generates a sudoers file with a fixed file name, using this class with the purge option enabled will always delete the custom file and adding it manually will generate a file with the right content, but the wrong name. To solve this, you can use the ```sudo_file_name``` option to manually set the desired file name.\n\n```puppet\nsudo::conf { \"foreman-proxy\":\n\tensure          =\u003e \"present\",\n\tsource          =\u003e \"puppet:///modules/sudo/foreman-proxy\",\n\tsudo_file_name  =\u003e \"foreman-proxy\",\n}\n```\n\n### sudo::conf / sudo::configs notes\n* One of content or source must be set.\n* Content may be an array, string will be added with return carriage after each element.\n* In order to properly pass a template() use template instead of content, as hiera would run template function otherwise.\n\n## sudo class parameters\n\nSee REFERENCE.md\n\n## sudo::conf class / sudo::configs hash parameters\n\nSee REFERENCE.md\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaz%2Fpuppet-sudo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsaz%2Fpuppet-sudo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaz%2Fpuppet-sudo/lists"}