base: doas is used for evomaintenance, not sudo ; wheel group mustn't be sudo because we use the evolinux-sudo group
parent
328dc63d82
commit
4b971b19fb
|
@ -69,6 +69,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
### Removed
|
### Removed
|
||||||
|
|
||||||
* openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo
|
* openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo
|
||||||
|
* base: doas is used for evomaintenance, not sudo ; wheel group mustn't be sudo because we use the evolinux-sudo group
|
||||||
|
|
||||||
## [21.12] - 2021-12-17
|
## [21.12] - 2021-12-17
|
||||||
|
|
||||||
|
|
|
@ -8,34 +8,12 @@
|
||||||
tags:
|
tags:
|
||||||
- sudo
|
- sudo
|
||||||
|
|
||||||
- name: "Allow wheel group to run command as root in sudo"
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/sudoers
|
|
||||||
insertafter: '# and set environment variables.'
|
|
||||||
line: "%wheel\tALL=(ALL) SETENV: ALL"
|
|
||||||
validate: 'visudo -cf %s'
|
|
||||||
backup: false
|
|
||||||
tags:
|
|
||||||
- sudo
|
|
||||||
|
|
||||||
- name: "Delete line with space instead of tab"
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/sudoers
|
|
||||||
line: "%wheel ALL=(ALL) SETENV: ALL"
|
|
||||||
validate: 'visudo -cf %s'
|
|
||||||
backup: false
|
|
||||||
state: absent
|
|
||||||
tags:
|
|
||||||
- sudo
|
|
||||||
|
|
||||||
- name: "Configure sudoers for evomaintenance and monitoring"
|
- name: "Configure sudoers for evomaintenance and monitoring"
|
||||||
blockinfile:
|
blockinfile:
|
||||||
state: present
|
state: present
|
||||||
dest: /etc/sudoers
|
dest: /etc/sudoers
|
||||||
insertafter: EOF
|
insertafter: EOF
|
||||||
block: |
|
block: |
|
||||||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh
|
|
||||||
%wheel ALL=NOPASSWD: MAINT
|
|
||||||
%evolinux-sudo ALL=(ALL) SETENV: ALL
|
%evolinux-sudo ALL=(ALL) SETENV: ALL
|
||||||
validate: 'visudo -cf %s'
|
validate: 'visudo -cf %s'
|
||||||
backup: false
|
backup: false
|
||||||
|
|
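Review bot: Nothing on the new side removes the `%wheel ALL=(ALL) SETENV: ALL` line from `/etc/sudoers` on hosts where this role already ran, so deleting the "Allow wheel group to run command as root in sudo" task only stops new hosts from getting it. The `blockinfile` block is rewritten on the next run, so the `MAINT` alias and `%wheel ALL=NOPASSWD: MAINT` should drop out, but the `lineinfile`-managed rule sits outside that managed block and would presumably persist, leaving wheel with full sudo. I would replace the two deleted tasks with a single `lineinfile` task using `state: absent` and a `regexp` that matches both the tab and the space variant, still validated with `visudo -cf %s`. The indentation below is reconstructed, because the rendered page lost it.

```yaml
- name: "Remove wheel group rule from sudoers"
  lineinfile:
    dest: /etc/sudoers
    regexp: '^%wheel\s+ALL=\(ALL\)\s+SETENV:\s+ALL\s*$'
    state: absent
    validate: 'visudo -cf %s'
    backup: false
  tags:
    - sudo

# … unchanged: "Configure sudoers for evomaintenance and monitoring" blockinfile task …
```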