
evolinux-users: add user to internal group if defined and Debian >= 9

uvrrpd
3 changed files with 30 additions and 1 deletions
  1. +1
    -0
      evolinux-users/README.md
  2. +1
    -0
      evolinux-users/defaults/main.yml
  3. +28
    -1
      evolinux-users/tasks/user.yml

+ 1
- 0
evolinux-users/README.md

@@ -34,4 +34,5 @@ evolinux_users:

* `evolinux_sudo_group`: which group to use for sudo (default: `evolinux-sudo`)
* `evolinux_ssh_group`: which group to use for ssh (default: `evolinux-ssh`)
* `evolinux_internal_group`: which group to use for all created users (eg. the company name)
* `evolinux_root_disable_ssh`: disable root's ssh access (default: `True`)

+ 1
- 0
evolinux-users/defaults/main.yml

@@ -3,5 +3,6 @@ evolinux_users: {}

evolinux_sudo_group: "evolinux-sudo"
evolinux_ssh_group: "evolinux-ssh"
evolinux_internal_group: ""

evolinux_root_disable_ssh: True
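Review bot: The new default `evolinux_internal_group: ""` has no comment, yet the empty string is the value the tasks in `tasks/user.yml` test for to skip the shared group. A one-line comment above it, such as `# Empty string disables the shared group; set a group name to add every created user to it`, would state that contract where the value is set. It would also help to say that the group is supplementary and is applied to all users the role creates, since that is what makes the choice of name security-relevant.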

+ 28
- 1
evolinux-users/tasks/user.yml

@@ -43,6 +43,8 @@

# Unix groups

## Group for SSH authorizations

- name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 or later)"
group:
name: "{{ evolinux_ssh_group }}"
@@ -56,6 +58,29 @@
append: yes
when: ansible_distribution_major_version | version_compare('10', '>=')

## Optional group for all evolinux users

- name: "Unix group '{{ evolinux_internal_group }}' is present (Debian 9 or later)"
group:
name: "{{ evolinux_internal_group }}"
state: present
when:
- evolinux_internal_group is defined
- evolinux_internal_group != ""
- ansible_distribution_major_version | version_compare('9', '>=')

- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
user:
name: '{{ user.name }}'
groups: "{{ evolinux_internal_group }}"
append: yes
when:
- evolinux_internal_group is defined
- evolinux_internal_group != ""
- ansible_distribution_major_version | version_compare('9', '>=')

## Optional secondary groups, defined per user

- name: "Secondary Unix groups are present"
group:
name: "{{ group }}"
@@ -71,6 +96,8 @@
append: yes
when: user.groups is defined

# Permissions on home directory

- name: "Home directory for '{{ user.name }}' is not accessible by group and other users"
file:
name: '/home/{{ user.name }}'
@@ -86,7 +113,7 @@
check_mode: no
register: grep_profile_evomaintenance

# Don't add the trap if it is present or commented
## Don't add the trap if it is present or commented
- name: "User '{{ user.name }}' has its shell trap for evomaintenance"
lineinfile:
state: present
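Review bot: In the hunk that adds the "Optional group for all evolinux users" tasks, the only check on the variable's value is `evolinux_internal_group != ""`, so nothing stops it from naming the role's privileged group. Because the membership task runs with `append: yes` for each `user`, setting it to the same value as `evolinux_sudo_group` would put every created account in the sudo group. Adding `- evolinux_internal_group != evolinux_sudo_group` to both `when:` lists would make that misconfiguration skip rather than silently widen privileges. A YAML null (`evolinux_internal_group:` with no value) also appears to pass both `is defined` and `!= ""`, so `- evolinux_internal_group | default('', true) | length > 0` would be a tighter emptiness test. The tasks immediately before and after these two begin or end outside the hunk, so the loop context of `user` is inferred from the task names.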

