Since Augeas became available within Puppet it's been considerably easier to do inline edits of configuration files - providing there's a lens, of course.

However, I find the syntax of Augeas less than friendly, and battled for a while to get sudoers definitions right. User permissions weren't too taxing, but getting an alias - specifically Cmnd_Aliases - right was another matter.

After some wrangling and, truth be told, excellent guidance from Red Hat's Dom Cleal, I've now got a working sudoers definition in a Puppet manifest:

class sudo::special {
    # Create (or update) the SERVICES Cmnd_Alias. The path filter
    # [alias/name = 'SERVICES'] selects the existing alias if there is one,
    # so repeated runs do not add duplicate entries.
    augeas { "sudocmdalias":
        context => "/files/etc/sudoers",
        changes => [
            "set Cmnd_Alias[alias/name = 'SERVICES']/alias/name SERVICES",
            "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[1] /sbin/service",
            "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[2] /sbin/chkconfig",
            "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[3] /bin/hostname",
            "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[4] /sbin/shutdown",
        ],
    }

    # Let fred run the SERVICES commands as root, on all hosts,
    # without being prompted for a password.
    augeas { "sudofred":
        context => "/files/etc/sudoers",
        changes => [
            "set spec[user = 'fred']/user fred",
            "set spec[user = 'fred']/host_group/host ALL",
            "set spec[user = 'fred']/host_group/command SERVICES",
            "set spec[user = 'fred']/host_group/command/runas_user root",
            "set spec[user = 'fred']/host_group/command/tag NOPASSWD",
        ],
    }
}
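To review what the manifest above actually grants, the following added example (not part of the original post) expands Cmnd_Alias definitions and lists the commands each user may run without a password. The sample text is constructed: it is the pair of sudoers lines the manifest is expected to produce, and the parser is a simplification that handles one host group per rule and ignores #include directives.

```python
import re

# Constructed sample: the sudoers lines the manifest above is expected to
# produce (the exact whitespace Augeas writes may differ).
SAMPLE = """\
Defaults    requiretty
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, \\
                      /bin/hostname, /sbin/shutdown
fred ALL = (root) NOPASSWD: SERVICES
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?((?:\w+:\s*)*)(.+)$")
NON_SPEC = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and '#' lines."""
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def nopasswd_grants(text):
    """Return {(user, runas): [commands]} for NOPASSWD rules, aliases expanded."""
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    grants = {}
    for line in lines:
        if line.startswith(NON_SPEC):
            continue
        m = SPEC_RE.match(line)
        if not m or "NOPASSWD:" not in m.group(4):
            continue
        user, runas = m.group(1), m.group(3) or "root"  # sudo's default runas is root
        cmds = grants.setdefault((user, runas), [])
        for item in (c.strip() for c in m.group(5).split(",")):
            cmds.extend(aliases.get(item, [item]))  # expand alias, else literal command
    return grants

if __name__ == "__main__":
    for (user, runas), cmds in nopasswd_grants(SAMPLE).items():
        print(f"{user} as {runas} without password: {', '.join(cmds)}")
```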

