
requiretty (puppet-sudo issue, CLOSED)

djjudas21 commented on July 21, 2024
requiretty

from puppet-sudo.

Comments (4)

saz commented on July 21, 2024

This isn't as easy as it sounds, as all sudoers files are... files. All of them must be migrated to templates just for one parameter.

A better way would be to have the RHEL6 sudoers file be the same as the one delivered during installation of sudo, which means dropping Defaults requiretty.

But Defaults requiretty is a security thing, and I'm not quite sure that RHEL6 is delivering a sudoers config without requiretty enabled. Are you sure your config is the original file?

As every file included in /etc/sudoers.d overwrites global settings, isn't it possible to use a sudoers.d entry to overwrite requiretty?

I'm closing this issue, as I don't think there is really a change required in the behavior of this module, but feel free to give some more information on this and I might reconsider my current decision.


stjeanp commented on July 21, 2024

Actually, I've run into this as well. My Jenkins server has some tests that need to be run as root, but sudo chokes on that unless it's disabled. Yes, this is an edge case, but there's not really a good way to use this module to manage sudoers for the edge cases since we can't change the config values.

And using r10k to manage your environments makes it difficult to simply replace the sudoers file in the module because dynamic environments.

So I've resorted to overriding the source parameter in the profile class which includes the ssh module.

You've got a great module for managing sudoers permissions, but it's lacking as far as managing the actual sudoers configuration.


djjudas21 commented on July 21, 2024

@stjeanp I found a workaround. You can specify a higher-priority sudo rule that grants requiretty access.

  sudo::conf { 'sudoers-requiretty':
    priority => 5,
    content  => 'Defaults:%sudoers !requiretty',
  }

  sudo::conf { 'sudoers':
    priority => 10,
    content  => '%sudoers ALL=(ALL) ALL',
  }


saz commented on July 21, 2024

@stjeanp Please feel free to suggest things that could be improved (extra points for a PR). And, as @djjudas21 shows and I've suggested in my original reply, there isn't a real case where an option in the main sudoers config can't be overwritten. In fact, this is the right way.

Think about it, if you want requiretty for one user, but not for the other.

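An added example, not part of the thread or of the puppet-sudo module: a small Python audit that lists every Defaults entry touching requiretty across a set of sudoers files and marks each override as scoped (as in the workaround above) or global. The file names and contents are constructed, and the parser is simplified: it assumes a single binding target and treats `#` as a comment start everywhere.

```python
# Added example; the file names and contents in SAMPLE are constructed.
SCOPES = {":": "user", "@": "host", ">": "runas", "!": "command"}

def requiretty_entries(files):
    """Return (path, scope, target, enabled) for each Defaults entry that
    sets or clears requiretty. `files` is a list of (path, text) pairs."""
    found = []
    for path, text in files:
        for raw in text.splitlines():
            # Simplification: treat '#' as a comment start everywhere.
            line = raw.split("#", 1)[0].strip()
            if not line.startswith("Defaults"):
                continue
            rest = line[len("Defaults"):]
            scope, target = "global", None
            if rest[:1] in SCOPES:
                # Bound form, e.g. Defaults:%sudoers or Defaults@host.
                parts = rest[1:].split(None, 1)
                if len(parts) < 2:
                    continue
                scope = SCOPES[rest[0]]
                target, rest = parts
            elif not rest[:1].isspace():
                continue  # another word that merely starts with "Defaults"
            for param in rest.split(","):
                param = param.strip()
                if param.lstrip("!") == "requiretty":
                    found.append((path, scope, target, not param.startswith("!")))
    return found

def relaxations(entries):
    """Entries that switch requiretty off; a global one affects every user."""
    return [(path, scope, target, "broad" if scope == "global" else "scoped")
            for path, scope, target, enabled in entries if not enabled]

SAMPLE = [
    ("/etc/sudoers", "Defaults    requiretty\nDefaults    env_reset\nroot ALL=(ALL) ALL\n"),
    ("/etc/sudoers.d/05_sudoers-requiretty", "Defaults:%sudoers !requiretty\n"),
    ("/etc/sudoers.d/10_sudoers", "%sudoers ALL=(ALL) ALL\n"),
    ("/etc/sudoers.d/20_ci", "Defaults !requiretty, !lecture  # global override\n"),
]

if __name__ == "__main__":
    for row in relaxations(requiretty_entries(SAMPLE)):
        print(row)
```
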
