25 lines
614 B
YAML
25 lines
614 B
YAML
- name: set sudoers right
|
|
lineinfile:
|
|
dest: "/etc/sudoers.d/{{user.name}}"
|
|
regexp: "{{ item.regexp }}"
|
|
line: "{{ item.line }}"
|
|
state: "present"
|
|
create: True
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0440"
|
|
validate: 'visudo -cf "%s"'
|
|
with_items:
|
|
- regexp: '^{{user.name}}\s'
|
|
line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"
|
|
become: True
|
|
|
|
- name: change secure path
|
|
replace:
|
|
path: "/etc/sudoers"
|
|
regexp: ^Defaults\s*secure_path.*
|
|
replace: Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
|
|
validate: 'visudo -cf "%s"'
|
|
become: true
|
|
|