mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Update admin-user.yml
This commit is contained in:
parent
54958601f7
commit
9a87434464
1 changed files with 11 additions and 11 deletions
|
@ -37,32 +37,32 @@
|
|||
failed_when: False # Hides red errors (stronger than 'ignore_errors: yes')
|
||||
|
||||
|
||||
- name: Edit the sudoers file -- first make it editable (0640)
|
||||
- name: Temporarily make file /etc/sudoers editable (0640)
|
||||
file:
|
||||
path: /etc/sudoers
|
||||
mode: 0640
|
||||
|
||||
- name: Have sudo log all commands it handles
|
||||
- name: '/etc/sudoers: Have sudo log all commands to /var/log/sudo.log'
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
regexp: logfile
|
||||
line: "Defaults logfile = /var/log/sudo.log"
|
||||
dest: /etc/sudoers
|
||||
state: present
|
||||
|
||||
#- name: Lets {{ iiab_admin_user }} sudo without password
|
||||
##- name: Lets wheel sudo without password
|
||||
# lineinfile:
|
||||
# path: /etc/sudoers
|
||||
# line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL"
|
||||
## line: "%wheel ALL= NOPASSWD: ALL"
|
||||
# dest: /etc/sudoers
|
||||
|
||||
- name: Remove the line which requires tty
|
||||
lineinfile:
|
||||
regexp: requiretty
|
||||
dest: /etc/sudoers
|
||||
state: absent
|
||||
# Not nec (heavyhanded removal of customizations+comments) given sudo defaults.
|
||||
#- name: Remove all lines that contain 'requiretty'
|
||||
# lineinfile:
|
||||
# path: /etc/sudoers
|
||||
# regexp: requiretty
|
||||
# state: absent
|
||||
|
||||
- name: End editing the sudoers file -- protect it again (0440)
|
||||
- name: End editing file /etc/sudoers -- protect it again (0440)
|
||||
file:
|
||||
path: /etc/sudoers
|
||||
mode: 0440
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue