Chef Cookbook: Sudo Rules
attributes | ||
recipes | ||
.gitignore | ||
Berksfile | ||
CHANGELOG.md | ||
Gemfile | ||
metadata.rb | ||
README.md |
sudo_rules Cookbook
Reads through a special data bag of sudo rules to compile a list of sudoers.d rules to create/remove.
Requirements
packages
- sudo
Attributes
sudo_rules::default
Key | Type | Description | Default |
---|---|---|---|
['sudo_rules'] |
String | Name of data bag to use for entries. | sudo_rules |
Usage
sudo_rules::default
Include sudo_rules
in your node's run_list
:
{
"name":"my_node",
"run_list": [
"recipe[sudo_rules]"
]
}
And provide properly formatted data bag:
{
"id": "Data Bag unique name, default value for name below",
"name": "Name of the sudoers.d file",
"hosts": [
"fqdn1",
"fqdn2",
...
],
"action": "create",
"user": "someuser",
"runas": "ALL",
"commands": [
"/usr/sbin/somecommand args",
"/usr/sbin/anothercommand",
...
],
"defaults": [
"env_reset"
]
}
Key | Type | Description | Default | Required? |
---|---|---|---|---|
Id | String | Name of Data Bag item, and sudoers.d/Id filename. | None | Yes |
Name | String | Instead of using Id, you can choose the name of the file for sudoers.d/Name instead. | Same as Id | No |
Hosts | Array | List of hosts to apply this rule to by fqdn, can be wildcard matched. | None | Yes |
Action | String | create or remove Sets whether to create or remove the entry. |
create |
No |
User | String | Username or %Groupname to use for the sudo rule. | None | Yes |
Runas | String | Allowed colon-separated list of users for sudoers runas. | ALL |
No |
Commands | Array | List of commands (and arguments) this rule adds for the user/group. | [] | Yes |
Defaults | Array | List of defaults this user has. | [] | No |
Contributing
- Fork the repository on Github
- Create a named feature branch (like
add_component_x
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
License and Authors
Authors: Eric Renfro erenfro@linux-help.org