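# Maintain a drop-in under /etc/sudoers.d that gives every member of
# `system_sudoers_group` passwordless sudo for all commands.
# NOTE(review): `NOPASSWD:ALL` makes membership of this group equivalent to
# root without re-authentication; keep the group small and audited, or narrow
# the rule to the commands that are actually needed.
# NOTE(review): sudo skips files in /etc/sudoers.d whose names contain a `.`
# or end in `~`, so a group name with a dot would produce a rule that is
# silently ignored. Confirm the value of `system_sudoers_group`.
- name: Set sudoers right
  ansible.builtin.lineinfile:
    # `path` is the canonical parameter name; `dest` is an alias for it
    path: '/etc/sudoers.d/{{ system_sudoers_group }}'
    regexp: '{{ item.regexp }}'
    line: '{{ item.line }}'
    state: 'present'
    create: true
    # Root-owned and read-only, as sudo expects for its policy files
    owner: 'root'
    group: 'root'
    mode: '0440'
    # Syntax-check the candidate file before it replaces the live one, so a
    # malformed rule cannot break sudo on the host
    validate: 'visudo -cf "%s"'
  loop:
    # The group name is escaped so that regex metacharacters in it are
    # matched literally when looking for the existing rule
    - regexp: '^%{{ system_sudoers_group | regex_escape }}\s'
      line: '%{{ system_sudoers_group }} ALL = (ALL) NOPASSWD:ALL'
  become: true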
# Rewrite the `Defaults secure_path` line of the main sudoers file to a fixed
# list of system directories; this is the PATH sudo uses for the commands it
# runs.
# NOTE(review): `replace` only rewrites lines that already match the regexp.
# If /etc/sudoers has no `Defaults secure_path` line, this task changes
# nothing and the setting stays absent. Confirm that is acceptable.
# NOTE(review): every directory listed should be root-owned and not writable
# by unprivileged users, since commands run through sudo are looked up there.
- name: Change secure path
  become: true
  ansible.builtin.replace:
    path: '/etc/sudoers'
    # Single quotes keep the backslash literal and stop YAML from
    # reinterpreting the value
    regexp: '^Defaults\s*secure_path.*'
    replace: 'Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin'
    # Reject the edit if the resulting sudoers file does not parse
    validate: 'visudo -cf "%s"'