Method #1 – RedHat style, wheel group
# The sudoers `#includedir` directive does not work on RHEL prior to 5.5,
# therefore the wheel group is still used.
# The wheel rule is applied on RedHat only, not on UNIX and other systems.
if $operatingsystem == 'RedHat' {
  augeas { 'sudowheel':
    # Target file is /etc/sudoers.
    context => '/files/etc/sudoers',
    # Allow wheel users to use sudo. Taken together, the five nodes below
    # produce the sudoers rule `%wheel ALL=(ALL) NOPASSWD: ALL`: any command,
    # as any user, on any host, with no password prompt. Membership of wheel
    # is therefore equivalent to root, so group membership is the control
    # that has to be reviewed and audited.
    changes => [
      'set spec[user = "%wheel"]/user %wheel',
      'set spec[user = "%wheel"]/host_group/host ALL',
      'set spec[user = "%wheel"]/host_group/command ALL',
      'set spec[user = "%wheel"]/host_group/command/runas_user ALL',
      'set spec[user = "%wheel"]/host_group/command/tag NOPASSWD',
    ],
  }
}

# ON EACH USER:
user { $user:
  ensure           => present,
  comment          => $userhash[$user]['fullname'],
  # Adding the account to wheel is what grants it the passwordless rule above.
  groups           => 'wheel',
  managehome       => true,
  # Puppet stores this value as given, so on Linux it has to be the password
  # hash in the form used in /etc/shadow, not the cleartext password.
  password         => $userhash[$user]['password'],
  password_min_age => $password_min_age,
  password_max_age => $password_max_age,
}
Method #2 – UNIX ways – creating a file inside /etc/sudoers.d
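# On RHEL5 the sudoers.d folder does not exist by default, so it has to be
# created here.
file { '/etc/sudoers.d':
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  # Modes are quoted octal strings: newer Puppet versions require a string
  # for `mode`, and a bare number is easy to misread (440 vs. 0440).
  mode   => '0750',
}

# Using /etc/sudoers.d/svc-system-config-user, the UNIX way.
# Every entry returned by this lookup is rendered verbatim into a
# `NOPASSWD: ALL` rule, so the hiera key must hold nothing but the account
# names that are meant to have unrestricted, passwordless root.
$sudoerusers = hiera_array('users::sudoerusers')

# NOTE(review): a syntax error in a file under /etc/sudoers.d can leave sudo
# unusable on the host. Where the Puppet version in use supports the file
# type's `validate_cmd` attribute, have it run `visudo -c -f` on the rendered
# content so a malformed template is never installed.
file { 'svc-system-config-user':
  ensure  => file,
  path    => '/etc/sudoers.d/svc-system-config-user',
  owner   => 'root',
  group   => 'root',
  mode    => '0440',
  content => template('users/svc-system-config-user.erb'),
}

# The template, svc-system-config-user.erb:
# NOTE: This is puppet managed
<% @sudoerusers.each do |val| -%>
<%= val %> ALL=(ALL) NOPASSWD: ALL
<% end -%>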
Method #3 – Just edit the /etc/sudoers
# ON EACH USER:
# Build the five Augeas changes that together yield the sudoers rule
# `<user> ALL=(ALL) NOPASSWD: ALL` for this account, i.e. unrestricted root
# without a password prompt.
# NOTE(review): ${user} is interpolated into the Augeas path expression
# between single quotes; presumably user names are validated upstream so they
# cannot contain a quote or whitespace -- confirm against the data source.
$sudochange1 = "set spec[user = '${user}']/user ${user}"
$sudochange2 = "set spec[user = '${user}']/host_group/host ALL"
$sudochange3 = "set spec[user = '${user}']/host_group/command ALL"
$sudochange4 = "set spec[user = '${user}']/host_group/command/runas_user ALL"
$sudochange5 = "set spec[user = '${user}']/host_group/command/tag NOPASSWD"

# One augeas resource per user, titled after the account so titles stay unique.
augeas { "sudo${user}":
  # Target file is /etc/sudoers.
  context => '/files/etc/sudoers',
  changes => [
    $sudochange1,
    $sudochange2,
    $sudochange3,
    $sudochange4,
    $sudochange5,
  ],
}