base: doas is used for evomaintenance, not sudo ; wheel group mustn't be sudo because we use the evolinux-sudo group
This commit is contained in:
parent
328dc63d82
commit
4b971b19fb
|
@ -69,6 +69,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
### Removed
|
||||
|
||||
* openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo
|
||||
* base: doas is used for evomaintenance, not sudo ; wheel group mustn't be sudo because we use the evolinux-sudo group
|
||||
|
||||
## [21.12] - 2021-12-17
|
||||
|
||||
|
|
|
@ -8,34 +8,12 @@
|
|||
tags:
|
||||
- sudo
|
||||
|
||||
- name: "Allow wheel group to run command as root in sudo"
|
||||
lineinfile:
|
||||
dest: /etc/sudoers
|
||||
insertafter: '# and set environment variables.'
|
||||
line: "%wheel\tALL=(ALL) SETENV: ALL"
|
||||
validate: 'visudo -cf %s'
|
||||
backup: false
|
||||
tags:
|
||||
- sudo
|
||||
|
||||
- name: "Delete line with space instead of tab"
|
||||
lineinfile:
|
||||
dest: /etc/sudoers
|
||||
line: "%wheel ALL=(ALL) SETENV: ALL"
|
||||
validate: 'visudo -cf %s'
|
||||
backup: false
|
||||
state: absent
|
||||
tags:
|
||||
- sudo
|
||||
|
||||
- name: "Configure sudoers for evomaintenance and monitoring"
|
||||
blockinfile:
|
||||
state: present
|
||||
dest: /etc/sudoers
|
||||
insertafter: EOF
|
||||
block: |
|
||||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh
|
||||
%wheel ALL=NOPASSWD: MAINT
|
||||
%evolinux-sudo ALL=(ALL) SETENV: ALL
|
||||
validate: 'visudo -cf %s'
|
||||
backup: false
|
||||
|
|
Loading…
Reference in New Issue