+# Debian.org's sudo setup
class sudo {
- package { sudo: ensure => installed }
+ ensure_packages ( [
+ 'sudo',
+ 'libpam-pwdfile',
+ ], {
+ ensure => 'installed',
+ })
- file { "/etc/sudoers":
- owner => root,
- group => root,
- mode => 440,
- source => [ "puppet:///sudo/per-host/$fqdn/sudoers",
- "puppet:///sudo/common/sudoers" ],
- require => Package["sudo"]
- ;
- "/etc/pam.d/sudo":
- source => [ "puppet:///sudo/per-host/$fqdn/pam",
- "puppet:///sudo/common/pam" ],
- require => Package["sudo"]
- ;
+ file { '/etc/pam.d/sudo':
+ source => 'puppet:///modules/sudo/pam',
+ require => Package['sudo'],
+ }
- }
+ file { '/etc/sudoers':
+ mode => '0440',
+ source => 'puppet:///modules/sudo/sudoers',
+ require => Package['sudo'],
+ }
+
+ file { '/etc/sudoers.d':
+ ensure => directory,
+ mode => '755',
+ purge => true,
+ recurse => true,
+ force => true,
+ source => 'puppet:///files/empty/',
+ }
+ file { '/etc/sudoers.d/README':
+ mode => '440',
+ content => @(EOT),
+ # According to the README shipped with Debian 10,
+ # this directory, if included in /etc/sudoers, needs
+ # to contain at least one file. Files which end in
+ # a '~' character or that contain a '.' are ignored.
+ #
+ # Files should be mode 0440 and be edited with visudo.
+ | EOT
+ }
}
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4: