From 6a22de3f23bc254b996f91ae358b0c10374f1aa6 Mon Sep 17 00:00:00 2001 From: Joris Dedieu Date: Tue, 10 Jan 2017 23:57:58 +0100 Subject: [PATCH 1/3] add support for FreeBSD --- manifests/init.pp | 9 +++++++-- manifests/sudoers.pp | 5 ++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 5783ee8..8a25248 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -44,6 +44,11 @@ $sudoers_file = '' ) { + $sysconfdir = $::osfamily ? { + /FreeBSD/ => '/usr/local/etc', + default => '/etc', + } + create_resources('sudo::sudoers', $sudoers) if $manage_package { @@ -52,7 +57,7 @@ } } - file { '/etc/sudoers.d': + file { "${sysconfdir}/sudoers.d": ensure => directory, owner => 'root', group => 'root', @@ -63,7 +68,7 @@ } if $sudoers_file =~ /^puppet:\/\// { - file { '/etc/sudoers': + file { "${sysconfdir}/sudoers": ensure => file, owner => 'root', group => 'root', diff --git a/manifests/sudoers.pp b/manifests/sudoers.pp index 8dddab8..71b65ba 100644 --- a/manifests/sudoers.pp +++ b/manifests/sudoers.pp @@ -74,7 +74,10 @@ # contain dots. # As having dots in a username is legit, let's fudge $sane_name = regsubst($name, '\.', '_', 'G') - $sudoers_user_file = "/etc/sudoers.d/${sane_name}" + $sudoers_user_file = $::osfamily ? { + /FreeBSD/ => "/usr/local/etc/sudoers.d/${sane_name}", + default => "/etc/sudoers.d/${sane_name}", + } if $sane_name !~ /^[A-Za-z][A-Za-z0-9_]*$/ { fail "Will not create sudoers file \"${sudoers_user_file}\" (for user \"${name}\") should consist of letters numbers or underscores." From 13e1408e0daa7e99860d16bf3fecb0eba01234e5 Mon Sep 17 00:00:00 2001 From: Joris Dedieu Date: Wed, 11 Jan 2017 00:11:35 +0100 Subject: [PATCH 2/3] correct visudo path for FreeBSD --- manifests/sudoers.pp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/manifests/sudoers.pp b/manifests/sudoers.pp index 71b65ba..241e531 100644 --- a/manifests/sudoers.pp +++ b/manifests/sudoers.pp 
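Review bot: The FreeBSD prefix is chosen by the `$sysconfdir` selector in the first hunk of manifests/init.pp and then again, independently, for `$sudoers_user_file` in manifests/sudoers.pp (and a third time for `$visudo` in patch 2/3). If only one selector is later updated, the purged `sudoers.d` directory and the per-user files written by the define can end up in different places. Consider deriving the per-user path from the class variable, e.g. `$sudoers_user_file = "${sudo::sysconfdir}/sudoers.d/${sane_name}"`, assuming `sudo::sudoers` is only ever declared together with class `sudo`. Matching on the string `'FreeBSD'` instead of the unanchored regex `/FreeBSD/` would also make the selector exact. The class body continues outside the hunk.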
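Review bot: In the manifests/sudoers.pp hunk, both branches of the new `$sudoers_user_file` selector build a path from `$sane_name` before the name check in the following context lines. That check uses `^`/`$`, which in Ruby regular expressions anchor at line boundaries rather than at the ends of the string. If a resource title can ever come from data that is not fully trusted, anchoring the whole string is the stricter guard: `if $sane_name !~ /\A[A-Za-z][A-Za-z0-9_]*\z/ {`. The guard is a context line and the define continues outside the hunk, so this is a follow-up rather than a regression from this patch.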
@@ -94,11 +94,15 @@ group => 'root', mode => '0440', } + $visudo = $::osfamily ? { + /FreeBSD/ => '/usr/local/sbin/visudo', + default => '/usr/sbin/visudo', + } if versioncmp($::puppetversion, '3.5') >= 0 { - File[$sudoers_user_file] { validate_cmd => '/usr/sbin/visudo -c -f %' } + File[$sudoers_user_file] { validate_cmd => "${visudo} -c -f %" } } else { - validate_cmd(template('sudo/sudoers.erb'), '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content') + validate_cmd(template('sudo/sudoers.erb'), "${visudo} -c -f", 'Visudo failed to validate sudoers content') } } else { From a96a81912d57c6314dcfcca8b152895df9800bfc Mon Sep 17 00:00:00 2001 From: Joris Dedieu Date: Wed, 11 Jan 2017 00:14:56 +0100 Subject: [PATCH 3/3] change root group to 0 as it's named wheel on FreeBSD --- manifests/init.pp | 4 ++-- manifests/sudoers.pp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 8a25248..1903761 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -60,7 +60,7 @@ file { "${sysconfdir}/sudoers.d": ensure => directory, owner => 'root', - group => 'root', + group => 0, mode => '0750', purge => $manage_sudoersd, recurse => $manage_sudoersd, @@ -71,7 +71,7 @@ file { "${sysconfdir}/sudoers": ensure => file, owner => 'root', - group => 'root', + group => 0, mode => '0440', source => $sudoers_file, } diff --git a/manifests/sudoers.pp b/manifests/sudoers.pp index 241e531..d7c233d 100644 --- a/manifests/sudoers.pp +++ b/manifests/sudoers.pp @@ -91,7 +91,7 @@ file { $sudoers_user_file: content => template('sudo/sudoers.erb'), owner => 'root', - group => 'root', + group => 0, mode => '0440', } $visudo = $::osfamily ? {
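Review bot: In the `else` branch of the patch 2/3 hunk, the function form `validate_cmd(...)` is evaluated where the catalog is compiled, yet `$visudo` is selected from the agent's `$::osfamily` fact. A FreeBSD agent served by a non-FreeBSD master on Puppet older than 3.5 would therefore be validated with `/usr/local/sbin/visudo`, which probably does not exist on the master, and compilation would likely fail. Only the `File[$sudoers_user_file] { validate_cmd => ... }` branch runs on the node itself. A comment above the `else` branch such as `# function form runs on the compiling host; the visudo path must exist there` would make the limitation explicit, or that branch could keep the default path. The enclosing `if` starts outside the hunk.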
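Review bot: The numeric `group => 0` introduced in patch 3/3 (both hunks of manifests/init.pp and the one in manifests/sudoers.pp) is not explained anywhere in the manifests. On FreeBSD it resolves to `wheel`, so members of that group can read the `0440` sudoers files and traverse the `0750` sudoers.d directory. That presumably matches the platform's packaged defaults, but it differs from the Linux case, where group 0 normally has no members besides root. A comment beside the first occurrence would record the intent, e.g. `# GID 0: 'root' on Linux, 'wheel' on FreeBSD (wheel members can read sudoers)`.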