From ff55b7cc410f6889c238a4c9a29a562b70800a75 Mon Sep 17 00:00:00 2001 From: Rob Nelson Date: Tue, 25 Apr 2017 21:37:39 +0000 Subject: [PATCH] Allow user to specify multiple config dirs/#includedir directives --- .bundle/config | 4 - .gitignore | 19 ++-- manifests/conf.pp | 4 +- manifests/init.pp | 41 +++------ manifests/params.pp | 91 ++++++++----------- .../sudoers.aix.erb | 7 +- .../sudoers.archlinux.erb | 7 +- .../sudoers.darwin.erb | 5 +- .../sudoers.debian.erb | 5 +- templates/sudoers.erb | 15 --- .../sudoers.freebsd.erb | 7 +- .../sudoers.gentoo.erb | 7 +- .../sudoers.olddebian.erb | 7 +- .../sudoers.omnios.erb | 7 +- .../sudoers.openbsd.erb | 7 +- .../sudoers.rhel5.erb | 5 +- .../sudoers.rhel6.erb | 7 +- .../sudoers.rhel7.erb | 7 +- .../sudoers.smartos.erb | 7 +- .../sudoers.solaris.erb | 7 +- .../sudoers.suse.erb | 7 +- .../sudoers.ubuntu.erb | 5 +- 22 files changed, 143 insertions(+), 135 deletions(-) delete mode 100644 .bundle/config rename files/sudoers.omnios => templates/sudoers.aix.erb (94%) rename files/sudoers.archlinux => templates/sudoers.archlinux.erb (94%) rename files/sudoers.darwin => templates/sudoers.darwin.erb (90%) rename files/sudoers.debian => templates/sudoers.debian.erb (72%) delete mode 100644 templates/sudoers.erb rename files/sudoers.freebsd => templates/sudoers.freebsd.erb (95%) rename files/sudoers.gentoo => templates/sudoers.gentoo.erb (94%) rename files/sudoers.olddebian => templates/sudoers.olddebian.erb (94%) rename files/sudoers.aix => templates/sudoers.omnios.erb (94%) rename files/sudoers.openbsd => templates/sudoers.openbsd.erb (90%) rename files/sudoers.rhel5 => templates/sudoers.rhel5.erb (95%) rename files/sudoers.rhel6 => templates/sudoers.rhel6.erb (95%) rename files/sudoers.rhel7 => templates/sudoers.rhel7.erb (95%) rename files/sudoers.smartos => templates/sudoers.smartos.erb (94%) rename files/sudoers.solaris => templates/sudoers.solaris.erb (94%) rename files/sudoers.suse => templates/sudoers.suse.erb (94%) rename files/sudoers.ubuntu => templates/sudoers.ubuntu.erb (84%) diff --git a/.bundle/config b/.bundle/config deleted file mode 100644 index d58b21d..0000000 --- a/.bundle/config +++ /dev/null @@ -1,4 +0,0 @@ ---- -BUNDLE_WITHOUT: system_tests:development -BUNDLE_PATH: vendor/bundle -BUNDLE_DISABLE_SHARED_GEMS: true diff --git a/.gitignore b/.gitignore index 79a5f79..5caea85 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,13 @@ -pkg/ -*.swp -spec/fixtures/ -.vagrant/ -vendor/ -Gemfile.lock +.*.sw? +/pkg +/spec/fixtures/manifests +/spec/fixtures/modules +/.rspec_system +/.vagrant +/.bundle +/vendor +/Gemfile.lock +/junit +/log +.yardoc +coverage diff --git a/manifests/conf.pp b/manifests/conf.pp index e22cf0e..89adde6 100644 --- a/manifests/conf.pp +++ b/manifests/conf.pp @@ -69,9 +69,9 @@ # build current file name with path if $sudo_file_name != undef { - $cur_file = "${sudo_config_dir_real}${sudo_file_name}" + $cur_file = "${sudo_config_dir_real}/${sudo_file_name}" } else { - $cur_file = "${sudo_config_dir_real}${priority_real}_${dname}" + $cur_file = "${sudo_config_dir_real}/${priority_real}_${dname}" } # replace whitespace in file name diff --git a/manifests/init.pp b/manifests/init.pp index 3a83be8..d96a3d7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -50,22 +50,17 @@ # what you're doing. # Default: auto-set, platform specific # -# [*config_file_replace*] -# Replace configuration file with that one delivered with this module -# Default: true -# -# [*includedirsudoers*] -# Add #includedir /etc/sudoers.d to the end of sudoers, if not config_file_replace -# Default: true if RedHat 5.x -# # [*config_dir*] -# Main configuration directory -# Only set this, if your platform is not supported or you know, -# what you're doing. +# Main directory containing sudo snippets, imported via +# includedir stanza in sudoers file # Default: auto-set, platform specific # -# [*source*] -# Alternate source file location +# [*extra_include_dirs*] +# Array of additional directories containing sudo snippets +# Default: undef +# +# [*content*] +# Alternate content file location # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific @@ -96,9 +91,9 @@ $purge_ignore = undef, $config_file = $sudo::params::config_file, $config_file_replace = true, - $includedirsudoers = $sudo::params::includedirsudoers, $config_dir = $sudo::params::config_dir, - $source = $sudo::params::source, + $extra_include_dirs = undef, + $content = $sudo::params::content, $ldap_enable = false, ) inherits sudo::params { @@ -145,7 +140,7 @@ group => $sudo::params::config_file_group, mode => '0440', replace => $config_file_replace, - source => $source, + content => template($content), require => Class['sudo::package'], } @@ -160,14 +155,6 @@ require => Class['sudo::package'], } - if $config_file_replace == false and $includedirsudoers { - augeas { 'includedirsudoers': - changes => ['set /files/etc/sudoers/#includedir /etc/sudoers.d'], - incl => $config_file, - lens => 'Sudoers.lns', - } - } - # Load the Hiera based sudoer configuration (if enabled and present) # # NOTE: We must use 'include' here to avoid circular dependencies with @@ -183,7 +170,7 @@ include '::sudo::configs' } - anchor { 'sudo::begin': } -> - Class['sudo::package'] -> - anchor { 'sudo::end': } + anchor { 'sudo::begin': } + -> Class['sudo::package'] + -> anchor { 'sudo::end': } } diff --git a/manifests/params.pp b/manifests/params.pp index 709f98c..3404389 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,21 +1,21 @@ #class sudo::params #Set the paramters for the sudo module class sudo::params { - $source_base = "puppet:///modules/${module_name}/" + $content_base = "${module_name}/" case $::osfamily { 'Debian': { case $::operatingsystem { 'Ubuntu': { - $source = "${source_base}sudoers.ubuntu" + $content = "${content_base}sudoers.ubuntu.erb" } default: { if (versioncmp($::operatingsystemmajrelease, '7') >= 0) or ($::operatingsystemmajrelease =~ /\/sid/) or ($::operatingsystemmajrelease =~ /Kali/) { - $source = "${source_base}sudoers.debian" + $content = "${content_base}sudoers.debian.erb" } else { - $source = "${source_base}sudoers.olddebian" + $content = "${content_base}sudoers.olddebian.erb" } } } @@ -25,8 +25,7 @@ $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' + $config_dir = '/etc/sudoers.d' $config_file_group = 'root' } 'RedHat': { @@ -44,16 +43,12 @@ $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' - $includedirsudoers = $::operatingsystemmajrelease ? { - '5' => true, - default => false, - } - $config_dir = '/etc/sudoers.d/' - $source = $::operatingsystemrelease ? { - /^5/ => "${source_base}sudoers.rhel5", - /^6/ => "${source_base}sudoers.rhel6", - /^7/ => "${source_base}sudoers.rhel7", - default => "${source_base}sudoers.rhel6", + $config_dir = '/etc/sudoers.d' + $content = $::operatingsystemrelease ? { + /^5/ => "${content_base}sudoers.rhel5.erb", + /^6/ => "${content_base}sudoers.rhel6.erb", + /^7/ => "${content_base}sudoers.rhel7.erb", + default => "${content_base}sudoers.rhel6.erb", } $config_file_group = 'root' } @@ -64,9 +59,8 @@ $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' - $source = "${source_base}sudoers.suse" + $config_dir = '/etc/sudoers.d' + $content = "${content_base}sudoers.suse.erb" $config_file_group = 'root' } 'Solaris': { @@ -78,9 +72,8 @@ $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' - $source = "${source_base}sudoers.omnios" + $config_dir = '/etc/sudoers.d' + $content = "${content_base}sudoers.omnios.erb" $config_file_group = 'root' } 'SmartOS': { @@ -90,8 +83,8 @@ $package_source = '' $package_admin_file = '' $config_file = '/opt/local/etc/sudoers' - $config_dir = '/opt/local/etc/sudoers.d/' - $source = "${source_base}sudoers.smartos" + $config_dir = '/opt/local/etc/sudoers.d' + $content = "${content_base}sudoers.smartos.erb" $config_file_group = 'root' } default: { @@ -103,9 +96,8 @@ $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' - $source = "${source_base}sudoers.solaris" + $config_dir = '/etc/sudoers.d' + $content = "${content_base}sudoers.solaris.erb" $config_file_group = 'root' } '5.10': { @@ -115,9 +107,8 @@ $package_source = "http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-${::hardwareisa}.pkg.gz" $package_admin_file = '/var/sadm/install/admin/puppet' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' - $source = "${source_base}sudoers.solaris" + $config_dir = '/etc/sudoers.d' + $content = "${content_base}sudoers.solaris.erb" $config_file_group = 'root' } default: { @@ -134,9 +125,8 @@ $package_source = '' $package_admin_file = '' $config_file = '/usr/local/etc/sudoers' - $includedirsudoers = false - $config_dir = '/usr/local/etc/sudoers.d/' - $source = "${source_base}sudoers.freebsd" + $config_dir = '/usr/local/etc/sudoers.d' + $content = "${content_base}sudoers.freebsd.erb" $config_file_group = 'wheel' } 'OpenBSD': { @@ -150,9 +140,8 @@ $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' - $source = "${source_base}sudoers.openbsd" + $config_dir = '/etc/sudoers.d' + $content = "${content_base}sudoers.openbsd.erb" $config_file_group = 'wheel' } 'AIX': { @@ -162,9 +151,8 @@ $package_source = 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.9-6.aix53.lam.rpm' $package_admin_file = '' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' - $source = "${source_base}sudoers.aix" + $config_dir = '/etc/sudoers.d' + $content = "${content_base}sudoers.aix.erb" $config_file_group = 'system' } 'Darwin': { @@ -174,8 +162,8 @@ $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' - $config_dir = '/etc/sudoers.d/' - $source = "${source_base}sudoers.darwin" + $config_dir = '/etc/sudoers.d' + $content = "${content_base}sudoers.darwin.erb" $config_file_group = 'wheel' } default: { @@ -185,9 +173,8 @@ $package_ldap = $package $package_ensure = 'present' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' - $source = "${source_base}sudoers.gentoo" + $config_dir = '/etc/sudoers.d' + $content = "${content_base}sudoers.gentoo.erb" $config_file_group = 'root' } 'Archlinux': { @@ -195,9 +182,8 @@ $package_ldap = $package $package_ensure = 'present' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' - $source = "${source_base}sudoers.archlinux" + $config_dir = '/etc/sudoers.d' + $content = "${content_base}sudoers.archlinux.erb" $config_file_group = 'root' } 'Amazon': { @@ -205,12 +191,11 @@ $package_ldap = $package $package_ensure = 'present' $config_file = '/etc/sudoers' - $includedirsudoers = false - $config_dir = '/etc/sudoers.d/' - $source = $::operatingsystemrelease ? { - /^5/ => "${source_base}sudoers.rhel5", - /^6/ => "${source_base}sudoers.rhel6", - default => "${source_base}sudoers.rhel6", + $config_dir = '/etc/sudoers.d' + $content = $::operatingsystemrelease ? { + /^5/ => "${content_base}sudoers.rhel5.erb", + /^6/ => "${content_base}sudoers.rhel6.erb", + default => "${content_base}sudoers.rhel6.erb", } $config_file_group = 'root' } diff --git a/files/sudoers.omnios b/templates/sudoers.aix.erb similarity index 94% rename from files/sudoers.omnios rename to templates/sudoers.aix.erb index c92a836..b356f56 100644 --- a/files/sudoers.omnios +++ b/templates/sudoers.aix.erb @@ -87,6 +87,9 @@ root ALL=(ALL) ALL # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' -## Read drop-in files from /etc/sudoers.d +## Read drop-in files ## (the '#' here does not indicate a comment) -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.archlinux b/templates/sudoers.archlinux.erb similarity index 94% rename from files/sudoers.archlinux rename to templates/sudoers.archlinux.erb index b61353e..3e1aa8a 100644 --- a/files/sudoers.archlinux +++ b/templates/sudoers.archlinux.erb @@ -87,6 +87,9 @@ root ALL=(ALL) ALL # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' -## Read drop-in files from /etc/sudoers.d +## Read drop-in files ## (the '#' here does not indicate a comment) -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.darwin b/templates/sudoers.darwin.erb similarity index 90% rename from files/sudoers.darwin rename to templates/sudoers.darwin.erb index 3d7c7c5..79109d6 100644 --- a/files/sudoers.darwin +++ b/templates/sudoers.darwin.erb @@ -45,4 +45,7 @@ root ALL=(ALL) ALL # Samples # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users localhost=/sbin/shutdown -h now -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.debian b/templates/sudoers.debian.erb similarity index 72% rename from files/sudoers.debian rename to templates/sudoers.debian.erb index 9f84ee5..8d0f9b0 100644 --- a/files/sudoers.debian +++ b/templates/sudoers.debian.erb @@ -12,4 +12,7 @@ root ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/templates/sudoers.erb b/templates/sudoers.erb deleted file mode 100644 index 44df8e5..0000000 --- a/templates/sudoers.erb +++ /dev/null @@ -1,15 +0,0 @@ -# file managed by puppet -Defaults env_keep=SSH_AUTH_SOCK -Defaults !authenticate -Defaults env_reset -<% if has_variable?("sudo_mailto") -%> -Defaults mailto=<%= sudo_mailto %> -<% end -%> -Defaults always_set_home -Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/puppetlabs/bin" -root ALL=(ALL) ALL - -# This directive only works with version >= 1.7.2! -#includedir /etc/sudoers.d -## -# diff --git a/files/sudoers.freebsd b/templates/sudoers.freebsd.erb similarity index 95% rename from files/sudoers.freebsd rename to templates/sudoers.freebsd.erb index 437bd63..d2fffcf 100644 --- a/files/sudoers.freebsd +++ b/templates/sudoers.freebsd.erb @@ -102,6 +102,9 @@ root ALL=(ALL) ALL # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' -## Read drop-in files from /usr/local/etc/sudoers.d +## Read drop-in files ## (the '#' here does not indicate a comment) -#includedir /usr/local/etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.gentoo b/templates/sudoers.gentoo.erb similarity index 94% rename from files/sudoers.gentoo rename to templates/sudoers.gentoo.erb index 065fcbf..c51237f 100644 --- a/files/sudoers.gentoo +++ b/templates/sudoers.gentoo.erb @@ -88,6 +88,9 @@ root ALL=(ALL) ALL # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' -## Read drop-in files from /etc/sudoers.d +## Read drop-in files ## (the '#' here does not indicate a comment) -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.olddebian b/templates/sudoers.olddebian.erb similarity index 94% rename from files/sudoers.olddebian rename to templates/sudoers.olddebian.erb index 8703ebe..f104502 100644 --- a/files/sudoers.olddebian +++ b/templates/sudoers.olddebian.erb @@ -87,6 +87,9 @@ root ALL=(ALL) ALL # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' -## Read drop-in files from /etc/sudoers.d +## Read drop-in files ## (the '#' here does not indicate a comment) -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.aix b/templates/sudoers.omnios.erb similarity index 94% rename from files/sudoers.aix rename to templates/sudoers.omnios.erb index c92a836..b356f56 100644 --- a/files/sudoers.aix +++ b/templates/sudoers.omnios.erb @@ -87,6 +87,9 @@ root ALL=(ALL) ALL # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' -## Read drop-in files from /etc/sudoers.d +## Read drop-in files ## (the '#' here does not indicate a comment) -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.openbsd b/templates/sudoers.openbsd.erb similarity index 90% rename from files/sudoers.openbsd rename to templates/sudoers.openbsd.erb index 5d93797..f0419d8 100644 --- a/files/sudoers.openbsd +++ b/templates/sudoers.openbsd.erb @@ -49,6 +49,9 @@ root ALL=(ALL) SETENV: ALL # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users localhost=/sbin/shutdown -h now -# pull in configurations in /etc/sudoers.d +# Read drop-in files # the # does not mark the line as a comment -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.rhel5 b/templates/sudoers.rhel5.erb similarity index 95% rename from files/sudoers.rhel5 rename to templates/sudoers.rhel5.erb index ebd8b3a..2d4209e 100644 --- a/files/sudoers.rhel5 +++ b/templates/sudoers.rhel5.erb @@ -92,4 +92,7 @@ root ALL=(ALL) ALL ## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.rhel6 b/templates/sudoers.rhel6.erb similarity index 95% rename from files/sudoers.rhel6 rename to templates/sudoers.rhel6.erb index f6e59db..b344f81 100644 --- a/files/sudoers.rhel6 +++ b/templates/sudoers.rhel6.erb @@ -106,5 +106,8 @@ root ALL=(ALL) ALL ## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now -## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) -#includedir /etc/sudoers.d +## Read drop-in files +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.rhel7 b/templates/sudoers.rhel7.erb similarity index 95% rename from files/sudoers.rhel7 rename to templates/sudoers.rhel7.erb index a36afe3..82742ea 100644 --- a/files/sudoers.rhel7 +++ b/templates/sudoers.rhel7.erb @@ -109,5 +109,8 @@ root ALL=(ALL) ALL ## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now -## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) -#includedir /etc/sudoers.d +## Read drop-in files +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.smartos b/templates/sudoers.smartos.erb similarity index 94% rename from files/sudoers.smartos rename to templates/sudoers.smartos.erb index ad1d86d..02aaccb 100644 --- a/files/sudoers.smartos +++ b/templates/sudoers.smartos.erb @@ -79,6 +79,9 @@ root ALL=(ALL) ALL # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' -## Read drop-in files from /opt/local/etc/sudoers.d +## Read drop-in files ## (the '#' here does not indicate a comment) -#includedir /opt/local/etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.solaris b/templates/sudoers.solaris.erb similarity index 94% rename from files/sudoers.solaris rename to templates/sudoers.solaris.erb index b17f487..cf30558 100644 --- a/files/sudoers.solaris +++ b/templates/sudoers.solaris.erb @@ -87,6 +87,9 @@ # Defaults targetpw # Ask for the password of the target user # ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' -## Read drop-in files from /opt/sfw/etc/sudoers.d +## Read drop-in files ## (the '#' here does not indicate a comment) -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.suse b/templates/sudoers.suse.erb similarity index 94% rename from files/sudoers.suse rename to templates/sudoers.suse.erb index f932e68..ef1c108 100644 --- a/files/sudoers.suse +++ b/templates/sudoers.suse.erb @@ -80,6 +80,9 @@ root ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL -## Read drop-in files from /etc/sudoers.d +## Read drop-in files ## (the '#' here does not indicate a comment) -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%> diff --git a/files/sudoers.ubuntu b/templates/sudoers.ubuntu.erb similarity index 84% rename from files/sudoers.ubuntu rename to templates/sudoers.ubuntu.erb index be370da..ed5f936 100644 --- a/files/sudoers.ubuntu +++ b/templates/sudoers.ubuntu.erb @@ -28,4 +28,7 @@ root ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: -#includedir /etc/sudoers.d +#includedir <%= @config_dir %> +<% @extra_include_dirs.each do |include_dir| -%> +#includedir <%= include_dir %> +<% end if @extra_include_dirs -%>