add path attribtues to exec resources in several places

NEWS

+release/005.001 (2016-12-07)
+
+    Add "path" attributes to several exec resources. This will be required
+    in the next version of Puppet [adamhl].
+
 release/005.000 (2016-11-21)
 
     This release has a number of breaking changes.
 
-    [duo] base::duo has been completely reworked into a type plus a common 
-    class.  Clients which use Duo for their own purposes should create an 
-    instance of base::duo::config, which will create a Duo PAM config file for 
+    [duo] base::duo has been completely reworked into a type plus a common
+    class.  Clients which use Duo for their own purposes should create an
+    instance of base::duo::config, which will create a Duo PAM config file for
     them to use.  See README.duo for more information.
 
-    [ipmi] A complete rework of base::ipmi.      The base::noipmi class no 
-    longer exists.  Instead, IPMI support should be disabled by setting 
-    base::ipmi::ensure to "absent".  IPMI kernel modules, and ipmievd, should 
+    [ipmi] A complete rework of base::ipmi.      The base::noipmi class no
+    longer exists.  Instead, IPMI support should be disabled by setting
+    base::ipmi::ensure to "absent".  IPMI kernel modules, and ipmievd, should
     still be automatically disabled on virtual systems, even when
-    "ensure => present"; in those cases, the IPMI client tools will still be 
+    "ensure => present"; in those cases, the IPMI client tools will still be
     installed.  Code has been updated for Debian 8 and Ubuntu 16.04.
 
-    [os/debian] All aptitude operations are now performed in a new phase, 
-    called "aptitude".  The "aptitude" phase is configured to run before 
+    [os/debian] All aptitude operations are now performed in a new phase,
+    called "aptitude".  The "aptitude" phase is configured to run before
     "main".
 
     Clients which rely on aptitude being up-to-date must no longer
-    "require => Exec['aptitude update']".  The nature of Puppet phases will 
+    "require => Exec['aptitude update']".  The nature of Puppet phases will
     ensure that aptitude is already updated.
 
-    Clients installing their own custom sources are advised to move all of that 
-    into separate classes, and to put those classes into a new phase of their 
+    Clients installing their own custom sources are advised to move all of that
+    into separate classes, and to put those classes into a new phase of their
     own.  This new phase should "require => Phase['aptitude']" and
     "before => Phase['main']", to ensure proper execution sequencing.
 
     [os/debian] Add two Hiera-configurable parameters to base::os::debian::apt:
 
-    * apt_cache_notin_tmp.  If true, use a different directory to store package 
+    * apt_cache_notin_tmp.  If true, use a different directory to store package
     scripts that need to be run during package install/upgrade.
 
-    * apt_cache_tmp_dir.  When apt_cache_notin_tmp is true, this is the 
+    * apt_cache_tmp_dir.  When apt_cache_notin_tmp is true, this is the
     directory to use for package scripts.
 
     [postfix/sender] A new type: base::postfix::sender.  This is similar to
-    base::postfix::recipient, except it is used to rewrite sender addresses 
+    base::postfix::recipient, except it is used to rewrite sender addresses
     instead of recipient addresses.
 
-    It is suggested that clients use base::postfix::sender to ensure that 
-    emails sent 'from' "root@stanford.edu" or "root@hostname.stanford.edu" are 
-    instead being sent 'from' either "noreply@stanford.edu" or 
+    It is suggested that clients use base::postfix::sender to ensure that
+    emails sent 'from' "root@stanford.edu" or "root@hostname.stanford.edu" are
+    instead being sent 'from' either "noreply@stanford.edu" or
     "shared-mailbox@stanford.edu".
 
-    [ssh] A fairly large rework of SSH code.  Support has been added for 
-    treating "alternate accounts" (.root, .admin, root., and admin.) the same 
-    as root.  Code has also been updated to account for changes to base::duo.  
-    Support has also been added to completely disable password authentication.  
-    Support for Ed25519 keys is also included (though disabled by default).  
-    Finally, pam_afs is now configurable: It can be disabled on systems that do 
+    [ssh] A fairly large rework of SSH code.  Support has been added for
+    treating "alternate accounts" (.root, .admin, root., and admin.) the same
+    as root.  Code has also been updated to account for changes to base::duo.
+    Support has also been added to completely disable password authentication.
+    Support for Ed25519 keys is also included (though disabled by default).
+    Finally, pam_afs is now configurable: It can be disabled on systems that do
     not use AFS.
 
     See README.ssh for more information on how to use the code.
 
-    [sudo] Complete rework of base::sudo, including configurable support for 
-    Duo.  Anyone in the "sudo" or "wheel" group gets sudo access.  If Duo is 
-    enabled, anyone on a specified list is able to sudo without a password, but 
-    with a two-step run.  Fail-secure is supported, as is using the GECOS field 
+    [sudo] Complete rework of base::sudo, including configurable support for
+    Duo.  Anyone in the "sudo" or "wheel" group gets sudo access.  If Duo is
+    enabled, anyone on a specified list is able to sudo without a password, but
+    with a two-step run.  Fail-secure is supported, as is using the GECOS field
     to specify the username that Puppet should actually use.
 
     See README.sudo for more information on how to use the code.
@@ -71,20 +76,20 @@ release/005.000 (2016-11-21)
 release/004.063 (2016-10-17)
 
     [ipmi] EL package requires (like EL6, EL7 only has available OpenIPMI,
-    and not OpenIPMI-tools. (jlent)  Fix ipmievd configuration for Ubuntu. 
+    and not OpenIPMI-tools. (jlent)  Fix ipmievd configuration for Ubuntu.
     (akkornel)
 
-    [os] Update the Ubuntu-to-Debian mapping. (akkornel)  Enable the 
-    debian-stanford backports for Unbuntu distros based on Wheezy and Jessie.  
+    [os] Update the Ubuntu-to-Debian mapping. (akkornel)  Enable the
+    debian-stanford backports for Unbuntu distros based on Wheezy and Jessie.
     (akkornel)  Also add additional Ubuntu-specific backports. (akkornel)
     Also remove daemontools as a default install on systemd Ubuntu. (akkornel)
 
-    [ntp] Add the SRCF time server, make sure NTP is installed, and disable 
+    [ntp] Add the SRCF time server, make sure NTP is installed, and disable
     systemd-timesyncd on RHEL 8.
 
     [xinetd] Make sure inetd is removed before xinetd is installed. (akkornel)
 
-    [wallet] Make sure the base::wallet::client class is included when 
+    [wallet] Make sure the base::wallet::client class is included when
     required. (akkornel)
 
 release/004.062 (2016-06-03)

manifests/postfix/map.pp

@@ -50,6 +50,7 @@ define base::postfix::map(
     # both because a command with a creates stanza won't run even if notified
     # if that file already exists.
     exec { "${command} ${type}:${name} initial":
+      path    => '/bin:/usr/sbin:/usr/bin',
       command => "${command} ${type}:${name}",
       creates => "${name}.db",
       require => [ File[$name], File['/etc/postfix/main.cf'],
@@ -57,6 +58,7 @@ define base::postfix::map(
     }
     exec { "${command} ${type}:${name}":
       refreshonly => true,
+      path        => '/bin:/usr/sbin:/usr/bin',
       command     => "${command} ${type}:${name}",
       require     => [ File['/etc/postfix/main.cf'], Package['postfix'] ],
     }

manifests/postfix/recipient.pp

@@ -25,6 +25,7 @@ define base::postfix::recipient(
   case $ensure {
     'absent': {
       exec { "rm-recipient-${name}":
+        path    => '/bin:/usr/sbin:/usr/bin',
         command => "sed -i -e '/^${name}/d' ${file}",
         onlyif  => "grep ${pattern} ${file}",
         notify  => Exec["postmap hash:${file}"]
@@ -33,12 +34,14 @@ define base::postfix::recipient(
     default: {
       $line = "${name} ${ensure}"
       exec { "add-recipient-${name}":
+        path    => '/bin:/usr/sbin:/usr/bin',
         command => "echo '${line}' >> ${file}",
         unless  => "grep ${pattern} ${file}",
         require => Package['postfix'],
         notify  => Exec["postmap hash:${file}"],
       }
       exec { "fix-recipient-${name}":
+        path    => '/bin:/usr/sbin:/usr/bin',
         command => "sed -i -e 's/^${name}..*\$/${line}/' ${file}",
         unless  => "grep '^${line}\$' ${file}",
         require => Exec["add-recipient-${name}"],

manifests/sysctl.pp

@@ -19,6 +19,7 @@ define base::sysctl($ensure) {
     case $ensure {
         absent: {
             exec { "rm-sysctl-$name":
+                path    => '/bin:/usr/sbin:/usr/bin',
                 command => "sed -i -e '/^$name/d' $filename",
                 onlyif  => "grep '^[^#]' $filename | grep ^$name"
             }
@@ -26,11 +27,13 @@ define base::sysctl($ensure) {
         default: {
             $line = "$name = $ensure"
             exec { "add-sysctl-$name":
+                path    => '/bin:/usr/sbin:/usr/bin',
                 command => "echo '$line' >> $filename",
                 unless  => "grep '^$name' $filename",
                 notify  => Exec["reload sysctl.conf"]
             }
             exec { "fix-sysctl-$name":
+                path    => '/bin:/usr/sbin:/usr/bin',
                 command => "sed -i -e '/^$name/d' $filename; echo '$line' >> $filename",
                 unless  => "grep '^$name[[:space:]]*=[[:space:]]*$ensure' $filename",
                 require => Exec["add-sysctl-$name"],
@@ -63,4 +66,4 @@ class base::sysctl::tcp_keepalive {
         "net.ipv4.tcp_keepalive_probes": ensure => 20;
         "net.ipv4.tcp_keepalive_time":   ensure => 600;
     }
-}
\ No newline at end of file
+}