How does Puppet transform group with username in /etc/sudoers file


mac01

May 31, 2012, 9:52:05 AM
to puppet...@googlegroups.com

Hi,

How can I transform the group in the sudoers file, where users are added as "%admin ALL=(ALL) ALL", with an individual user name, which should be fetched from my database?

Thanks
mac

Steve Singer

May 31, 2012, 11:27:10 AM
to puppet...@googlegroups.com, mac01
In the template that generates your sudoers file you could call a custom
function (that you would need to write) which queries your database to
get the username.

See the section on calling custom functions from templates in
http://docs.puppetlabs.com/guides/custom_functions.html


mac01

Jun 1, 2012, 10:51:43 AM
to puppet...@googlegroups.com

Hi,

How to write custom facts for sudoers files where the data or username needs to be fetched from a file for the owner of the system, like:

I want to replace %admin ALL=(ALL) ALL with username ALL=(ALL) ALL, but from a file, for the system's owner only, so that no one can log in to others' systems.

Thanks
mac

Jeff McCune

Jun 2, 2012, 2:22:36 PM
to puppet...@googlegroups.com
On Thursday, May 31, 2012 at 6:52 AM, mac01 wrote:

> Hi,
>
> How can I transform the group in the sudoers file, where users are added as "%admin ALL=(ALL) ALL", with an individual user name, which should be fetched from my database?

I'm not quite clear on the question you're asking.  The most common way is to make sure the users who need super user access are members of the admin group.

You can use the user resource in Puppet to manage group membership.

Another approach is to use LDAP to centralize user and group information.
 
-Jeff

Matt

Jun 4, 2012, 10:32:11 PM
to puppet...@googlegroups.com
There is a trick I use on my infrastructure; it is around having an include dir for sudoers. You can write a custom function to retrieve the data from the database and return it as a hash. You would need to do a define if you want to define each user's sudo permissions as an individual resource. Alternatively, you could also use an ERB and loop through the hash.
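
The hash-plus-ERB approach described in this thread, as an added example that is not code from any poster: it renders one sudoers include-dir entry per system owner and rejects names that would inject sudoers syntax. The `OWNERS` hash shape, the host and login patterns, and all function names are assumptions made for illustration.

```ruby
require 'erb'

# Constructed sample data: the hash a custom function might return after
# querying the owner database (hostname => owner login). Hypothetical shape.
OWNERS = {
  'ws-101' => 'alice',
  'ws-102' => 'bob',
  'ws-103' => "eve ALL=(ALL) NOPASSWD: ALL\n%wheel" # malformed database value
}.freeze

# Conservative patterns (assumed policy). \A and \z anchor the whole string;
# ^ and $ would accept a value with an embedded newline.
SAFE_LOGIN = /\A[a-z_][a-z0-9_-]{0,31}\z/
SAFE_HOST  = /\A[a-z0-9][a-z0-9-]{0,62}\z/

SUDOERS_TEMPLATE = ERB.new(<<~TPL)
  # Managed by Puppet: owner entry for <%= host %>
  <%= user %> ALL=(ALL) ALL
TPL

# Content of the include-dir file for one host; raises on unsafe input.
def sudoers_entry(host, owners)
  raise ArgumentError, 'unsafe host name' unless host.match?(SAFE_HOST)
  user = owners.fetch(host)
  raise ArgumentError, "unsafe login name for #{host}" unless user.match?(SAFE_LOGIN)
  SUDOERS_TEMPLATE.result_with_hash(host: host, user: user)
end

# Loop over the whole hash: returns [rendered entries, rejected hosts] so
# a bad row is reported instead of being written into a sudoers file.
def render_all(owners)
  rendered = {}
  rejected = []
  owners.each_key do |host|
    begin
      rendered[host] = sudoers_entry(host, owners)
    rescue ArgumentError
      rejected << host
    end
  end
  [rendered, rejected]
end

if __FILE__ == $PROGRAM_NAME
  rendered, rejected = render_all(OWNERS)
  rendered.each { |host, text| puts "--- #{host}", text }
  warn "rejected: #{rejected.join(', ')}" unless rejected.empty?
end
```

Checking each generated file with `visudo -cf <file>` before it is installed catches syntax errors that the name check does not.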