From 9a874344649665bc52f614a714de4c66856eec48 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Wed, 14 Oct 2020 23:09:41 -0400
Subject: [PATCH] Update admin-user.yml
---
 roles/iiab-admin/tasks/admin-user.yml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml
index 55bc01701..834b264f4 100644
--- a/roles/iiab-admin/tasks/admin-user.yml
+++ b/roles/iiab-admin/tasks/admin-user.yml
@@ -37,32 +37,32 @@
 failed_when: False # Hides red errors (stronger than 'ignore_errors: yes')
-- name: Edit the sudoers file -- first make it editable (0640)
+- name: Temporarily make file /etc/sudoers editable (0640)
 file:
 path: /etc/sudoers
 mode: 0640
-- name: Have sudo log all commands it handles
+- name: '/etc/sudoers: Have sudo log all commands to /var/log/sudo.log'
 lineinfile:
+ path: /etc/sudoers
 regexp: logfile
 line: "Defaults logfile = /var/log/sudo.log"
- dest: /etc/sudoers
- state: present
 #- name: Lets {{ iiab_admin_user }} sudo without password
 ##- name: Lets wheel sudo without password
 # lineinfile:
+# path: /etc/sudoers
 # line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL"
 ## line: "%wheel ALL= NOPASSWD: ALL"
-# dest: /etc/sudoers
-- name: Remove the line which requires tty
- lineinfile:
- regexp: requiretty
- dest: /etc/sudoers
- state: absent
+# Not nec (heavyhanded removal of customizations+comments) given sudo defaults.
+#- name: Remove all lines that contain 'requiretty'
+# lineinfile:
+# path: /etc/sudoers
+# regexp: requiretty
+# state: absent
-- name: End editing the sudoers file -- protect it again (0440)
+- name: End editing file /etc/sudoers -- protect it again (0440)
 file:
 path: /etc/sudoers
 mode: 0440
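Review bot: The `lineinfile` task that writes `Defaults logfile = /var/log/sudo.log` edits `/etc/sudoers` in place with no syntax check, so a malformed result would only show up when sudo stops working; adding `validate: 'visudo -cf %s'` to that task makes Ansible refuse the write instead. Its `regexp: logfile` is also unanchored, which is the same heavy-handedness the new comment cites for retiring the `requiretty` task: any line that merely mentions "logfile", a comment included, can be replaced, and `regexp: '^Defaults\s+logfile'` would confine it to the real setting. The 0640/0440 bracket leaves the file at 0640 if the play stops between the two `file` tasks, and is presumably unnecessary when the play runs as root. The task list begins above this hunk and may continue below it.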