Dustin C. Hatch
f16b7557cd
The *sudo* role installs `sudo` and configures policy for it. By default, users who are members of the *sudo* group can run any command as root.
26 lines
563 B
YAML
26 lines
563 B
YAML
- name: ensure sudo is installed
|
|
package:
|
|
name=sudo
|
|
state=present
|
|
|
|
- name: ensure sudo group exists
|
|
group:
|
|
name=sudo
|
|
state=present
|
|
- name: ensure admin users members of sudo group
|
|
user:
|
|
name={{ item }}
|
|
groups=sudo
|
|
append=yes
|
|
with_items: '{{ admin_users }}'
|
|
- name: ensure members of sudo group can use sudo
|
|
copy:
|
|
src: sudo.sudoers
|
|
dest: /etc/sudoers.d/10_sudo
|
|
mode: '0440'
|
|
validate: visudo -cf %s
|
|
- name: ensure legacy sudo group configuration is removed
|
|
file:
|
|
path=/etc/sudoers.d/sudo
|
|
state=absent
|