We have 4 users in a single group. The group is for sysadmins. How to add the group in sudoers via saltstack?
You have a number of options.
The path of least resistance is to simply use an existing group like sudo
or admin
which is typically already granted elevated privileges in the sudoers config file.
Alternatively you may use salt to manage either:
- the sudoers config file (typically
/etc/sudoers
) - a file dropped into the sudoers drop directory (typically
/etc/sudoers.d
)
I can't seem to get this to work on Ubuntu 16.04 hosts.
There seems to be an issue from the past that was similar: https://github.com/saltstack/salt/issues/7690
Any pointers? Cheers, Leo
Function: user.present Result: False Comment: The following requisites were not found: require: group: sudo
Hey Leo — I have a groups/init.sls
state file that I run on all my minions to make sure the sudo
group exists. I wonder if Ubuntu 16.04 doesn't ship this with group anymore.
group-sudo: group.present: - name: sudo
Hi Russell, Thanks for the reply! The strange thing with this error is that 'sudo' is a default group on Ubuntu (as a Debian derivative).
Yeah, I would try adding a state to make sure the sudo
group exists.
SaltStack builds a sort of graph of state dependencies. This error appears to relate not to the actual sudo
group but to the fact that the sudo
group isn't listed in SaltStack's dependency tree.
It's harmless to add a state to ensure the sudo
group exists. SaltStack will do nothing if it exists.
If you manually add user to group seems that salt doesn't remove it on apply. Do you know if there's any documentation for that?
From documentation it says (https://docs.saltstack.com/en/2017.7/ref/states/all/salt.states.user.html#salt.states.user.present):
remove_groups
Remove groups that the user is a member of that weren't specified in the state, Default is True
.
But that doesn't work for me.