diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml
index b768250c1..fa9420908 100644
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@@ -20,76 +20,70 @@
 - include_tasks: xo.yml
   when: xo_model != "none" or osbuilder is defined
 
-# the following installs common packages for both debian and fedora
 - include_tasks: packages.yml
-
 - include_tasks: iptables.yml
 
 - sysctl:
     name: net.ipv4.ip_forward
-    value: 1
+    value: '1'
     state: present
 
 - sysctl:
     name: net.ipv4.conf.default.rp_filter
-    value: 1
+    value: '1'
     state: present
 
 - sysctl:
     name: net.ipv4.conf.default.accept_source_route
-    value: 0
+    value: '0'
     state: present
 
 - sysctl:
     name: kernel.sysrq
-    value: 1
+    value: '1'
     state: present
 
 - sysctl:
     name: kernel.core_uses_pid
-    value: 1
+    value: '1'
     state: present
 
 - sysctl:
     name: net.ipv4.tcp_syncookies
-    value: 1
+    value: '1'
     state: present
 
 - sysctl:
     name: kernel.shmmax
-    value: 268435456
+    value: '268435456'
     state: present
 
 # IPv6 disabled
 
 - sysctl:
     name: net.ipv6.conf.all.disable_ipv6
-    value: 1
+    value: '1'
     state: present
 
 - sysctl:
     name: net.ipv6.conf.default.disable_ipv6
-    value: 1
+    value: '1'
     state: present
 
 - sysctl:
     name: net.ipv6.conf.lo.disable_ipv6
-    value: 1
+    value: '1'
     state: present
 
-- name: Install custom /etc/profile.d/zzz_iiab.sh from template
+- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
   template:
     dest: /etc/profile.d/zzz_iiab.sh
     src: zzz_iiab.sh
-    owner: root
-    mode: 0644
-    backup: no
 
 - include_tasks: net_mods.yml
   when: not is_debuntu and not is_F18
 
 - include_tasks: udev.yml
-
 - include_tasks: iiab-startup.yml
 
 - name: Recording STAGE 2 HAS COMPLETED ==========================