I wanted to configure some sudo rules using puppet.
The default sudo config has an directory called /etc/sudoers.d which makes dropping in the actual entries rather easy:
file { "/etc/sudoers.d/example" :
ensure => present,
owner => 'root',
group => 'root',
mode => 0440,
content => template('example/sudo.erb'),
}
but alas, the default RHEL6 sudo has requiretty set which prevented my sudo rules from working correctly.
Naturally I wanted to use augeas to remove that flag but it turned into a nightmare trifecta of puppet + augeas + sudo. Three tools with so much potential and a great lack of real world documentation.
I remember having battled with this before and giving up. This time I was determined to succeed. I revisited the only information on the internet but I still could not get it to work. After looking at the code for the sudo lens I was pretty sure that I had the correct version and eventually I was pointed in the right direction. Instead of removing the requiretty I needed to negate it. After some more mucking around I came up with a working incantation:
augeas { "turn off sudo requiretty":
changes => [
'set /files/etc/sudoers/Defaults[*]/requiretty/negate ""',
],
}
I hope that will be of use to someone.
