diff --git a/manifests/init.pp b/manifests/init.pp
index a342fae157e05122fc2e56df7f18a7ef4b9ee967..8acb6c2e0f4d1d659c7f85d8f18626f4f42b98c3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,7 +3,9 @@
 #
 # Furthermore, sudo...
 
-class su_debuild {
+class su_debuild (
+  Enum['root', 'all'] $cowbuild_group = 'all',
+) {
 
   ### PACKAGES ###
   # Pin some packages to Debian jessie-backports.
@@ -166,12 +168,22 @@ class su_debuild {
   }
 
   # Create a /etc/sudoers.d for running cowbuilder
+  case $cowbuild_group {
+    'root': {
+      $sudo_cowbuild_group = '%root'
+      $sudo_cowbuild_text  = 'Members of the root group'
+    }
+    'all':  {
+      $sudo_cowbuild_group = 'ALL'
+      $sudo_cowbuild_text  = 'All users'
+    }
+  }
+
   sudo::conf { 'cowbuilder':
       priority => 50,
       content  => [
-                    '# Members of the root group can run cowbuilder (needed for building Debian packages)',
-                    '%root ALL = NOPASSWD: /usr/sbin/cowbuilder',
+                    "# $sudo_cowbuild_text can run cowbuilder (needed for building Debian packages)",
+                    "$sudo_cowbuild_group ALL = NOPASSWD: /usr/sbin/cowbuilder",
                   ],
-
   }
 }