1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Update admin-user.yml

This commit is contained in:
A Holt 2020-10-14 23:09:41 -04:00 committed by GitHub
parent 54958601f7
commit 9a87434464
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -37,32 +37,32 @@
failed_when: False # Hides red errors (stronger than 'ignore_errors: yes')
- name: Edit the sudoers file -- first make it editable (0640)
- name: Temporarily make file /etc/sudoers editable (0640)
file:
path: /etc/sudoers
mode: 0640
- name: Have sudo log all commands it handles
- name: '/etc/sudoers: Have sudo log all commands to /var/log/sudo.log'
lineinfile:
path: /etc/sudoers
regexp: logfile
line: "Defaults logfile = /var/log/sudo.log"
dest: /etc/sudoers
state: present
#- name: Lets {{ iiab_admin_user }} sudo without password
##- name: Lets wheel sudo without password
# lineinfile:
# path: /etc/sudoers
# line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL"
## line: "%wheel ALL= NOPASSWD: ALL"
# dest: /etc/sudoers
- name: Remove the line which requires tty
lineinfile:
regexp: requiretty
dest: /etc/sudoers
state: absent
# Not nec (heavyhanded removal of customizations+comments) given sudo defaults.
#- name: Remove all lines that contain 'requiretty'
# lineinfile:
# path: /etc/sudoers
# regexp: requiretty
# state: absent
- name: End editing the sudoers file -- protect it again (0440)
- name: End editing file /etc/sudoers -- protect it again (0440)
file:
path: /etc/sudoers
mode: 0440