Jérémy Dubois
fa497b280e
Some checks failed
continuous-integration/drone/push Build is failing
This configuration is checked by evocheck, so it should be present by default
34 lines
793 B
YAML
34 lines
793 B
YAML
---
|
|
- name: Configure sudoers umask
|
|
lineinfile:
|
|
dest: /etc/sudoers
|
|
insertafter: '# Defaults specification'
|
|
line: 'Defaults umask=0077'
|
|
validate: 'visudo -cf %s'
|
|
tags:
|
|
- sudo
|
|
|
|
# dont't break the tab!
|
|
- name: Allow wheel group to run command as root in sudo
|
|
lineinfile:
|
|
dest: /etc/sudoers
|
|
insertafter: '# and set environment variables.'
|
|
line: '%wheel ALL=(ALL) SETENV: ALL'
|
|
validate: 'visudo -cf %s'
|
|
backup: false
|
|
tags:
|
|
- sudo
|
|
|
|
- name: Configure sudoers for evomaintenance and monitoring
|
|
blockinfile:
|
|
state: present
|
|
dest: /etc/sudoers
|
|
insertafter: EOF
|
|
block: |
|
|
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh
|
|
%wheel ALL=NOPASSWD: MAINT
|
|
validate: 'visudo -cf %s'
|
|
backup: false
|
|
tags:
|
|
- sudo
|