forked from evolix/ansible-roles
admin-users: passwordless sudo for come commands
This commit is contained in:
parent
5e949d74fd
commit
2179be09d1
|
@ -6,10 +6,6 @@
|
|||
|
||||
- include: ssh.yml
|
||||
|
||||
- include: sudo_jessie.yml
|
||||
when: ansible_distribution_release == 'jessie'
|
||||
|
||||
- include: sudo_stretch.yml
|
||||
when: ansible_distribution_release == 'stretch'
|
||||
- include: sudo.yml
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
- name: Verify Evolinux sudoers file presence
|
||||
template:
|
||||
src: sudoers_debian.j2
|
||||
src: sudoers_{{ ansible_distribution_release }}.j2
|
||||
dest: /etc/sudoers.d/evolinux
|
||||
force: false
|
||||
force: no
|
||||
validate: '/usr/sbin/visudo -cf %s'
|
||||
register: copy_sudoers_evolinux
|
||||
|
||||
|
@ -20,4 +20,7 @@
|
|||
regexp: '^(User_Alias\s+ADMINS\s+=((?!{{ user.name }}).)*)$'
|
||||
replace: '\1,{{ user.name }}'
|
||||
validate: '/usr/sbin/visudo -cf %s'
|
||||
when: not copy_sudoers_evolinux.changed
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version | version_compare('9', '<')
|
||||
- not copy_sudoers_evolinux.changed
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
|
||||
- name: "'{{ user.name }}' is in the sudo group"
|
||||
user:
|
||||
name: "{{ user.name }}"
|
||||
groups: sudo
|
||||
append: yes
|
8
admin-users/templates/sudoers_stretch.j2
Normal file
8
admin-users/templates/sudoers_stretch.j2
Normal file
|
@ -0,0 +1,8 @@
|
|||
Defaults umask=0077
|
||||
|
||||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount
|
||||
|
||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||
|
||||
%sudo ALL = NOPASSWD: MAINT
|
Loading…
Reference in a new issue