system/tasks/sudoers.yml

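# Grant the account named by user.name passwordless sudo through its own
# drop-in file under /etc/sudoers.d. The file is created root:root with mode
# 0440, and the edited copy is checked with 'visudo -cf' before it replaces
# the live file, so a syntax error cannot break sudo on the host.
#
# NOTE(review): 'NOPASSWD:ALL' gives this account unrestricted root without
# re-authentication, so a compromise of the account is a compromise of the
# host. Confirm that is intended everywhere this task runs, or narrow the
# command list.
#
# NOTE(review): sudo's includedir skips files whose name contains a '.' or
# ends in '~'. A user.name such as 'first.last' would produce a drop-in that
# is written and validated but never read - confirm the naming scheme.
#
# NOTE(review): user.name is interpolated into a file path and a sudoers
# rule; this assumes it comes from trusted inventory - verify at the caller.
- name: Set sudoers right
  ansible.builtin.lineinfile:
    dest: '/etc/sudoers.d/{{ user.name }}'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    state: 'present'
    create: true
    owner: 'root'
    group: 'root'
    mode: '0440'
    validate: 'visudo -cf "%s"'
  loop:
    # regex_escape keeps any regex metacharacter in the user name literal, so
    # the pattern only matches the rule belonging to exactly this user.
    - regexp: '^{{ user.name | regex_escape }}\s'
      line: '{{ user.name }} ALL = (ALL) NOPASSWD:ALL'
  become: true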
# Rewrite every 'Defaults secure_path' line in the main sudoers file so that
# commands run through sudo resolve binaries only from the listed system
# directories. The result is checked with 'visudo -cf' before it replaces
# /etc/sudoers.
#
# NOTE(review): the replace module only rewrites lines that already match.
# If /etc/sudoers has no 'Defaults secure_path' line, this task changes
# nothing and secure_path stays unset - confirm the base image ships one.
#
# NOTE(review): the list does not include /usr/local/bin - confirm that is
# deliberate.
- name: Change secure path
  become: true
  ansible.builtin.replace:
    path: '/etc/sudoers'
    # Single quotes keep the backslash in \s literal for the regex engine.
    regexp: '^Defaults\s*secure_path.*'
    replace: 'Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin'
    validate: 'visudo -cf "%s"'