admin-users: passwordless sudo for come commands
parent
5e949d74fd
commit
2179be09d1
|
@ -6,10 +6,6 @@
|
||||||
|
|
||||||
- include: ssh.yml
|
- include: ssh.yml
|
||||||
|
|
||||||
- include: sudo_jessie.yml
|
- include: sudo.yml
|
||||||
when: ansible_distribution_release == 'jessie'
|
|
||||||
|
|
||||||
- include: sudo_stretch.yml
|
|
||||||
when: ansible_distribution_release == 'stretch'
|
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
|
@ -2,9 +2,9 @@
|
||||||
|
|
||||||
- name: Verify Evolinux sudoers file presence
|
- name: Verify Evolinux sudoers file presence
|
||||||
template:
|
template:
|
||||||
src: sudoers_debian.j2
|
src: sudoers_{{ ansible_distribution_release }}.j2
|
||||||
dest: /etc/sudoers.d/evolinux
|
dest: /etc/sudoers.d/evolinux
|
||||||
force: false
|
force: no
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
validate: '/usr/sbin/visudo -cf %s'
|
||||||
register: copy_sudoers_evolinux
|
register: copy_sudoers_evolinux
|
||||||
|
|
||||||
|
@ -20,4 +20,7 @@
|
||||||
regexp: '^(User_Alias\s+ADMINS\s+=((?!{{ user.name }}).)*)$'
|
regexp: '^(User_Alias\s+ADMINS\s+=((?!{{ user.name }}).)*)$'
|
||||||
replace: '\1,{{ user.name }}'
|
replace: '\1,{{ user.name }}'
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
validate: '/usr/sbin/visudo -cf %s'
|
||||||
when: not copy_sudoers_evolinux.changed
|
when:
|
||||||
|
- ansible_distribution == "Debian"
|
||||||
|
- ansible_distribution_major_version | version_compare('9', '<')
|
||||||
|
- not copy_sudoers_evolinux.changed
|
|
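Review bot: The new `ansible_distribution_major_version | version_compare('9', '<')` condition skips the ADMINS alias edit on Debian 9 and later, so on those hosts sudo rights depend entirely on membership of the `sudo` group. The task that put `{{ user.name }}` in that group (`groups: sudo`, `append: yes`) appears to be deleted by the `-1,7 +0,0` hunk of this same commit. Please confirm another task in the role still manages that membership; otherwise keep it here, guarded by `when: ansible_distribution_major_version | version_compare('9', '>=')`. Separately, the template task that writes `/etc/sudoers.d/evolinux` shows no explicit `owner: root`, `group: root` and `mode: "0440"`; unless they are set outside the visible lines, adding them would stop the file's permissions depending on the controller's defaults.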
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: "'{{ user.name }}' is in the sudo group"
|
|
||||||
user:
|
|
||||||
name: "{{ user.name }}"
|
|
||||||
groups: sudo
|
|
||||||
append: yes
|
|
8
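--- a/admin-users/templates/sudoers_stretch.j2
+++ b/admin-users/templates/sudoers_stretch.j2
@@ -0,0 +1,8 @@
+Defaults umask=0077
+
+Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount
+
+nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
+nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
+
+%sudo ALL = NOPASSWD: MAINT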
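Review bot: `/usr/bin/apt` and `/bin/mount` are listed in `Cmnd_Alias MAINT` with no argument restriction, and `%sudo ALL = NOPASSWD: MAINT` then lets every member of the sudo group run them as root without a password. Both commands are generally treated as root-equivalent in sudoers reviews, so the rule effectively drops the password check for the whole group rather than for a few maintenance scripts. I would narrow the alias to the two scripts, `Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh`, and leave apt and mount behind the password prompt or pin them to fixed arguments. The two scripts also need to be root-owned and not writable by the invoking users for a NOPASSWD entry to be safe; that cannot be checked from this file.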