https://github.com/ericsson/puppet-module-beuser
Puppet module to manage beuser sudo wrapper
https://github.com/ericsson/puppet-module-beuser
puppet
Last synced: about 2 months ago
JSON representation
Puppet module to manage beuser sudo wrapper
- Host: GitHub
- URL: https://github.com/ericsson/puppet-module-beuser
- Owner: Ericsson
- License: other
- Created: 2013-09-05T14:19:59.000Z (almost 12 years ago)
- Default Branch: master
- Last Pushed: 2018-10-31T12:37:15.000Z (over 6 years ago)
- Last Synced: 2025-05-07T18:16:17.475Z (about 2 months ago)
- Topics: puppet
- Language: Ruby
- Size: 34.2 KB
- Stars: 0
- Watchers: 7
- Forks: 6
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
puppet-module-beuser
====================
Puppet module to manage beuser sudo wrapper
Description
====================
This module is for Ericsson internal use.
It installs the ''beuser'' wrapper for sudo used by Service Desk.
''beuser'' is an alternative for su, which allows changing active uid.
The restriction is that you can only ''su'' to users with a uid > 100.
The idea is to allow Service Desk work-force to ''su'' towards others
user-ids they are supporting. However, they are not supposed to get
administrative access on the systems themselves.
Note, that when you allow ''beuser'' to be executed by non-admins,
whether by sudo (preferred) or setuid, you must make sure that the
admins on the system have no sudo entries which allow command invocation
without password. Otherwise users can use ''beuser'' to aquire an account
of an admin and then use the unrestricted commands for them.
The module needs to package beuser (or what it's configured to) available
on a installation source.
Parameters
====================
ensure
------
Ensure package installation
- *Default*: 'present'
package_name
------------
Name of package to be installed
- *Default*: 'beuser'
adminfile
---------
Path to adminfile used on Solaris
- *Default*: undef
provider
--------
Name of package provider
- *Default*: undef (OS default)
source
------
Source of package file. Used with provider 'sun'
- *Default*: undef
# Compatibility #
Any platform with a beuser package
For Solaris it is recommended to use the osfamily fact in hiera.yaml and have Solaris.yaml include:
---
beuser::source: '/net/nfsserv1/beuser-1.0.pkg'
beuser::adminfile: '/net/nfsserv1/beuser-adminfile'