danpoltawski commented 2 years ago

I wanted to use sudo::conf to manage some /etc/sudoers.d/ snippets but it proved very difficult to achieve this:

My current /etc/sudoers has passprompt controlled by a custom variable (see full file below)- I was unable to pass the current template with sudo::content in due to https://github.com/saz/puppet-sudo/issues/272 - I needed the contents parsed in my code
Despite the config_file_replace parameter its not possible to manage the file independently with puppet as this module takes over the file definition

In the end I had to set config_file to another path to be able to manage this file indepdennelty

Current sudo file:

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/puppetlabs/bin"
Defaults        passprompt="[sudo] password for %u:"

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

#includedir /etc/sudoers.d

bschonec commented 2 years ago

You could create a file resource with "ensure => file":

file {'/etc/sudoers.d/DoNotTouch':
  ensure => file,
}

This would tell Puppet that the file itself is "known to puppet" but Puppet won't attempt to manage or delete it.

deric commented 2 years ago

@danpoltawski If we could modify Defaults as suggested in #282 it might help with your problem.

saz commented 4 months ago

282 is merged now and a new release will follow asap. This should resolve this issue. If not, please reopen.

saz / puppet-sudo

Add ability to set passprompt or not mange main config file/package #280

282 is merged now and a new release will follow asap. This should resolve this issue. If not, please reopen.