

sudo_rules Cookbook

Reads through a special data bag of sudo rules to compile a list of sudoers.d rules to create/remove.



  • sudo



| Key | Type | Description | Default |
| --- | --- | --- | --- |
| ['sudo_rules'] | String | Name of data bag to use for entries. | sudo_rules |



Include sudo_rules in your node's run_list:

  "run_list": ["recipe[sudo_rules]"]

And provide properly formatted data bag:

    {
        "id": "Data Bag unique name, default value for name below",
        "name": "Name of the sudoers.d file",
        "hosts": [
            "FQDN of a host this rule applies to (wildcards allowed)"
        ],
        "action": "create",
        "user": "someuser",
        "runas": "ALL",
        "commands": [
            "/usr/sbin/somecommand args"
        ],
        "defaults": [
            "A sudoers Defaults entry for this user"
        ]
    }

| Key | Type | Description | Default | Required? |
| --- | --- | --- | --- | --- |
| Id | String | Name of Data Bag item, and sudoers.d/Id filename. | None | Yes |
| Name | String | File name to use for sudoers.d/Name instead of Id. | Same as Id | No |
| Hosts | Array | List of hosts to apply this rule to by FQDN; can be wildcard matched. | None | Yes |
| Action | String | create or remove. Sets whether to create or remove the entry. | create | No |
| User | String | Username or %Groupname to use for the sudo rule. | None | Yes |
| Runas | String | Allowed colon-separated list of users for sudoers runas. | ALL | No |
| Commands | Array | List of commands (and arguments) this rule adds for the user/group. | [] | Yes |
| Defaults | Array | List of defaults this user has. | [] | No |
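
A data bag item that grants sudo rights is worth checking before upload. The following is an added example, not code from this cookbook: a small Ruby linter for one item using the keys in the table above. The function names, glob-style host matching through File.fnmatch, and the absolute-path policy for commands are assumptions of the example.

```ruby
# Added example, not the cookbook's code. Keys follow the README table;
# glob-style host matching via File.fnmatch is an assumption.
REQUIRED_KEYS = %w[id hosts user commands].freeze
ACTIONS = %w[create remove].freeze

# Returns a list of problems found in one data bag item (empty = clean).
def lint_sudo_rule(item)
  problems = REQUIRED_KEYS.reject { |k| item.key?(k) }
                          .map { |k| "missing required key: #{k}" }

  # sudo's #includedir skips files whose name contains '.' or ends in '~',
  # so a rule written under such a name is never applied.
  file = item.fetch('name', item['id']).to_s
  if file.empty? || file.include?('.') || file.include?('/') || file.end_with?('~')
    problems << "unsafe sudoers.d file name: #{file.inspect}"
  end

  action = item.fetch('action', 'create')
  problems << "action must be create or remove, got #{action.inspect}" unless ACTIONS.include?(action)

  # A bare '*' host pattern puts the rule on every node that runs the recipe.
  problems << "host pattern '*' matches every node" if Array(item['hosts']).include?('*')

  # Policy of this example: commands must be absolute paths, so ALL,
  # aliases and relative names are reported for manual review.
  Array(item['commands']).each do |cmd|
    problems << "command is not an absolute path: #{cmd.inspect}" unless cmd.to_s.start_with?('/')
  end
  problems
end

# True when any host pattern matches the node's FQDN (case-insensitive).
def applies_to?(item, fqdn)
  Array(item['hosts']).any? { |pat| File.fnmatch(pat, fqdn, File::FNM_CASEFOLD) }
end

# Constructed sample items, not taken from a real data bag.
GOOD_RULE = {
  'id' => 'backup_ops', 'hosts' => ['*.db.example.com'], 'user' => '%backup',
  'commands' => ['/usr/sbin/somecommand args']
}.freeze
BAD_RULE = GOOD_RULE.merge('name' => 'backup.ops', 'action' => 'delete',
                           'hosts' => ['*'], 'commands' => ['somecommand']).freeze

puts lint_sudo_rule(BAD_RULE)
```

On a node, `visudo -cf` against the rendered file remains the authoritative syntax check.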


  1. Fork the repository on GitHub
  2. Create a named feature branch (like add_component_x)
  3. Write your change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using GitHub

License and Authors

Authors: Eric Renfro