Update admin-user.yml

2025-03-09 15:40:17 +00:00 · 2020-10-14 23:09:41 -04:00 · 2020-10-14 23:09:41 -04:00 · 9a87434464
commit 9a87434464
parent 54958601f7
1 changed files with 11 additions and 11 deletions
--- a/roles/iiab-admin/tasks/admin-user.yml
+++ b/roles/iiab-admin/tasks/admin-user.yml
@ -37,32 +37,32 @@
  failed_when: False    # Hides red errors (stronger than 'ignore_errors: yes')
- name: Edit the sudoers file -- first make it editable (0640)
+- name: Temporarily make file /etc/sudoers editable (0640)
  file:
    path: /etc/sudoers
    mode: 0640
- name: Have sudo log all commands it handles
+- name: '/etc/sudoers: Have sudo log all commands to /var/log/sudo.log'
  lineinfile:
    path: /etc/sudoers
    regexp: logfile
    line: "Defaults     logfile = /var/log/sudo.log"
    dest: /etc/sudoers
    state: present
 #- name: Lets {{ iiab_admin_user }} sudo without password
 ##- name: Lets wheel sudo without password
 #  lineinfile:
 #    path: /etc/sudoers
 #    line: "{{ iiab_admin_user }} ALL=(ALL) NOPASSWD: ALL"
 ##    line: "%wheel ALL= NOPASSWD: ALL"
 #    dest: /etc/sudoers
- name: Remove the line which requires tty
+# Not nec (heavyhanded removal of customizations+comments) given sudo defaults.
-  lineinfile:
+#- name: Remove all lines that contain 'requiretty'
-    regexp: requiretty
+#  lineinfile:
-    dest: /etc/sudoers
+#    path: /etc/sudoers
-    state: absent
+#    regexp: requiretty
 #    state: absent
- name: End editing the sudoers file -- protect it again (0440)
+- name: End editing file /etc/sudoers -- protect it again (0440)
  file:
    path: /etc/sudoers
    mode: 0440