evolinx-users: optimize sudo configuration
parent
1dc4d0e133
commit
270d03b6a6
|
@ -25,6 +25,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
### Changed
|
||||
|
||||
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
|
||||
* evolinux-users: check permissions for /etc/sudoers.d
|
||||
* evolinux-users: optimize sudo configuration
|
||||
* lxc: Fail if /var is nosuid
|
||||
* openvpn: make it compatible with OpenBSD and add some improvements
|
||||
|
||||
|
|
|
@ -20,10 +20,6 @@
|
|||
|
||||
- name: Configure sudo
|
||||
include: sudo.yml
|
||||
vars:
|
||||
user: "{{ item.value }}"
|
||||
loop: "{{ evolinux_users | dict2items }}"
|
||||
when: evolinux_users | length > 0
|
||||
|
||||
- name: Configure SSH
|
||||
include: ssh.yml
|
||||
|
|
|
@ -1,9 +1,21 @@
|
|||
---
|
||||
|
||||
- include: sudo_jessie.yml
|
||||
when: ansible_distribution_release == "jessie"
|
||||
vars:
|
||||
user: "{{ item.value }}"
|
||||
loop: "{{ evolinux_users | dict2items }}"
|
||||
when:
|
||||
- evolinux_users | length > 0
|
||||
- ansible_distribution_release == "jessie"
|
||||
|
||||
- include: sudo_stretch.yml
|
||||
|
||||
- block:
|
||||
- include: sudo_stretch_common.yml
|
||||
|
||||
- include: sudo_stretch_user.yml
|
||||
vars:
|
||||
user: "{{ item.value }}"
|
||||
loop: "{{ evolinux_users | dict2items }}"
|
||||
when:
|
||||
- ansible_distribution_major_version is defined
|
||||
- ansible_distribution_major_version is version('9', '>=')
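Review bot: Both looped includes here (`sudo_jessie.yml` and `sudo_stretch_user.yml`) use the default `item` loop variable with no `loop_control`, so each iteration's output shows the whole `evolinux_users` entry, and any loop inside the included files would clash with the outer `item`. The contents of the user entries are not visible on this page; if they carry password hashes or keys, those end up in run logs. Adding `loop_control:` with `loop_var: evolinux_user` and `label: "{{ evolinux_user.key }}"`, and passing `user: "{{ evolinux_user.value }}"`, avoids both. Separately, `evolinux_users | length > 0` in the jessie `when:` looks redundant next to the `loop:`, since an empty loop already runs nothing.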
|
||||
|
|
|
@ -1,5 +1,13 @@
|
|||
---
|
||||
|
||||
- name: "/etc/sudoers.d presence and permissions"
|
||||
file:
|
||||
path: /etc/sudoers.d
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0750"
|
||||
state: directory
|
||||
|
||||
- name: "Verify 'evolinux' sudoers file presence (Debian 9 or later)"
|
||||
template:
|
||||
src: sudoers_stretch.j2
|
||||
|
@ -13,15 +21,3 @@
|
|||
group:
|
||||
name: "{{ evolinux_sudo_group }}"
|
||||
system: yes
|
||||
|
||||
- name: "Add user to '{{ evolinux_sudo_group }}' group (Debian 9 or later)"
|
||||
user:
|
||||
name: '{{ user.name }}'
|
||||
groups: "{{ evolinux_sudo_group }}"
|
||||
append: yes
|
||||
|
||||
- name: "Add user to 'adm' group (Debian 9 or later)"
|
||||
user:
|
||||
name: '{{ user.name }}'
|
||||
groups: "adm"
|
||||
append: yes
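Review bot: The template task "Verify 'evolinux' sudoers file presence" should render through `validate: 'visudo -cf %s'` if it does not already. Its body continues past the end of the first hunk after `src: sudoers_stretch.j2`, so this cannot be confirmed from the page. A syntax error in a file under /etc/sudoers.d makes sudo refuse to run, and judging by the include in sudo.yml this file now appears to be applied once per host rather than once per user. The directory task above it (root:root, mode `"0750"`, `state: directory`) reads fine as written.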
|
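--- a/evolinux-users/tasks/sudo_stretch_user.yml
+++ b/evolinux-users/tasks/sudo_stretch_user.yml
@@ -0,0 +1,13 @@
+---
+
+- name: "Add user to '{{ evolinux_sudo_group }}' group (Debian 9 or later)"
+user:
+name: '{{ user.name }}'
+groups: "{{ evolinux_sudo_group }}"
+append: yes
+
+- name: "Add user to 'adm' group (Debian 9 or later)"
+user:
+name: '{{ user.name }}'
+groups: "adm"
+append: yes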
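Review bot: The two `user` tasks in this new file can be a single task, which halves the per-user module calls this commit is trying to reduce: `groups: ["{{ evolinux_sudo_group }}", "adm"]` with `append: yes` yields the same memberships. Both tasks also depend on `user.name` being supplied by the caller's `vars:`. A one-line header comment such as `# Included once per entry of evolinux_users; expects "user" to be set by the caller.` would make that contract explicit.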