From 9a874344649665bc52f614a714de4c66856eec48 Mon Sep 17 00:00:00 2001
From: A Holt <holta@users.noreply.github.com>
Date: Wed, 14 Oct 2020 23:09:41 -0400
Subject: [PATCH] Update admin-user.yml

---
 roles/iiab-admin/tasks/admin-user.yml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml
index 55bc01701..834b264f4 100644
--- a/roles/iiab-admin/tasks/admin-user.yml
+++ b/roles/iiab-admin/tasks/admin-user.yml
@@ -37,32 +37,32 @@
   failed_when: False    # Hides red errors (stronger than 'ignore_errors: yes')
 
 
-- name: Edit the sudoers file -- first make it editable (0640)
+- name: Temporarily make file /etc/sudoers editable (0640)
   file:
     path: /etc/sudoers
     mode: 0640
 
-- name: Have sudo log all commands it handles
+- name: '/etc/sudoers: Have sudo log all commands to /var/log/sudo.log'
   lineinfile:
+    path: /etc/sudoers
     regexp: logfile
     line: "Defaults     logfile = /var/log/sudo.log"
-    dest: /etc/sudoers
-    state: present
 
 #- name: Lets {{ iiab_admin_user }} sudo without password
 ##- name: Lets wheel sudo without password
 #  lineinfile:
+#    path: /etc/sudoers
 #    line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL"
 ##    line: "%wheel ALL= NOPASSWD: ALL"
-#    dest: /etc/sudoers
 
-- name: Remove the line which requires tty
-  lineinfile:
-    regexp: requiretty
-    dest: /etc/sudoers
-    state: absent
+# Not nec (heavyhanded removal of customizations+comments) given sudo defaults.
+#- name: Remove all lines that contain 'requiretty'
+#  lineinfile:
+#    path: /etc/sudoers
+#    regexp: requiretty
+#    state: absent
 
-- name: End editing the sudoers file -- protect it again (0440)
+- name: End editing file /etc/sudoers -- protect it again (0440)
   file:
     path: /etc/sudoers
     mode: 0440