We decided a new policy for sudo in stretch because our previous stretch policy is buggy
This commit is contained in:
parent
f0ced31efa
commit
ab08969cfb
|
@ -35,14 +35,21 @@
|
|||
update_password: on_create
|
||||
when: loginisbusy.rc != 0 and uidisbusy.rc == 0
|
||||
|
||||
- name: "Create {{ admin_users_group }}"
|
||||
- name: "Create evolinux-sudo group"
|
||||
group:
|
||||
name: evolinux-sudo
|
||||
system: yes
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: "Create {{ admin_users_group }} group"
|
||||
group:
|
||||
name: "{{ admin_users_group }}"
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: "Add user to sudo group (Debian 9 or later)"
|
||||
user:
|
||||
name: '{{ user.name }}'
|
||||
groups: 'sudo,{{ admin_users_group }}'
|
||||
groups: 'evolinux-sudo,{{ admin_users_group }}'
|
||||
append: yes
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
|
|
|
@ -5,4 +5,5 @@ Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts
|
|||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||
|
||||
%sudo ALL = NOPASSWD: MAINT
|
||||
%evolinux-sudo ALL=(ALL:ALL) ALL
|
||||
%evolinux-sudo ALL = NOPASSWD: MAINT
|
||||
|
|
Loading…
Reference in a new issue