system/tasks/sudoers.yml

- name: set sudoers right
  lineinfile:
    dest: "/etc/sudoers.d/{{user.name}}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: "present"
    create: True
    owner: "root"
    group: "root"
    mode: "0440"
    validate: 'visudo -cf "%s"'
  with_items:
    - regexp: '^{{user.name}}\s'
      line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"
  become: True

- name: change secure path
  replace:
    path: "/etc/sudoers"
    regexp: ^Defaults\s*secure_path.*
    replace: Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
    validate: 'visudo -cf "%s"'
  become: true
add sudoers 2022-11-11 16:48:09 +00:00			`- name: set sudoers right`
			`lineinfile:`
			`dest: "/etc/sudoers.d/{{user.name}}"`
			`regexp: "{{ item.regexp }}"`
			`line: "{{ item.line }}"`
			`state: "present"`
			`create: True`
			`owner: "root"`
			`group: "root"`
			`mode: "0440"`
			`validate: 'visudo -cf "%s"'`
			`with_items:`
			`- regexp: '^{{user.name}}\s'`
			`line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"`
			`become: True`
change lineingfile by replace 2022-11-13 13:45:33 +00:00
			`- name: change secure path`
			`replace:`
			`path: "/etc/sudoers"`
			`regexp: ^Defaults\ssecure_path.`
			`replace: Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin`
			`validate: 'visudo -cf "%s"'`
			`become: true`