From 6106a0a8f557f5ed726925ddb7e7e6b2f96dbb9b Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Wed, 19 Jul 2017 13:54:18 +0200
Subject: [PATCH] admin-users: fix AllowUsers

* the command module was doing weird escaping, let's use the shell
module
* insert after a more appropriate position
---
 admin-users/tasks/adduser_debian.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/admin-users/tasks/adduser_debian.yml b/admin-users/tasks/adduser_debian.yml
index 93a869cf..87899375 100644
--- a/admin-users/tasks/adduser_debian.yml
+++ b/admin-users/tasks/adduser_debian.yml
@@ -64,7 +64,7 @@
 
 # we must double-escape caracters, because python
 - name: verify AllowUsers directive
-  command: "egrep '^\\s+AllowUsers' /etc/ssh/sshd_config"
+  shell: "egrep '^AllowUsers' /etc/ssh/sshd_config"
   changed_when: False
   failed_when: False
   register: grep_allowusers_ssh
@@ -74,7 +74,7 @@
   lineinfile:
     dest: /etc/ssh/sshd_config
     line: "\nAllowUsers {{ user.name }}"
-    insertafter: '^UsePAM'
+    insertafter: '^#   ForceCommand cvs server'
     validate: '/usr/sbin/sshd -T -f %s'
   notify: reload sshd
   when: grep_allowusers_ssh.rc != 0