Install and Configure sudo
Ansible >= 2.10
```bash
ansible-galaxy install claranet.sudo
```
Variable | Default value | Description |
---|---|---|
sudo_config_directory | /etc/sudoers.d | directory that contains the sudo rights files |
sudo_allow_install_package | true | install the sudo package before setting rights |
sudo_rights | {} | all sudo rights to set; see the attribute descriptions of sudo_rights below |
sudo_purge_others_config | false | purge other files that are not part of our sudo rights configuration |
sudo_command_aliases | {} | set command alias: name of command alias as key and list of commands as value |
sudo_user_aliases | {} | set user alias: name of user alias as key and list of users as value |
sudo_host_aliases | {} | set host alias: name of host alias as key and list of hosts as value |
sudo_runas_aliases | {} | set sudoers run-as aliases |
- name: String giving the name of the user or group to grant the rights to. For a group, use %name_of_group
- no_passwd: Boolean attribute that sets whether the command(s) are run with or without a password
- from_hosts: String specifying the hosts where these actions are allowed
- as_user: User to run the commands as
- as_group: Group to run the commands as
- commands: List of commands that the sudoers can execute
- state: present or absent, to add or delete the rights.
N/A
```yaml
---
- hosts: all
  vars:
    sudo_purge_others_config: true
    sudo_user_aliases:
      test: ["secondusersudo", "firstusersudo"]
    sudo_command_aliases:
      SHUTDOWN: ["/usr/sbin/reboot", "/usr/sbin/poweroff"]
    sudo_rights:
      allowrebootsudo: # required
        - name: "TEST" # required
          no_passwd: true # default is false
          from_hosts: ALL # can be omitted, default is ALL
          as_user: ALL # can be omitted, default is ALL
          as_group: ALL # can be omitted, default is ALL
          commands: SHUTDOWN # required
          state: present # can be omitted, default is present
      allowtailsudo: # second user's rights
        - name: "firstusersudo"
          no_passwd: true
          from_hosts: ALL
          as_user: ALL
          as_group: ALL
          commands:
            - /usr/bin/tail -f /dev/null
          state: present
  roles:
    - role: claranet.sudo
      become: true
```
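The `sudo_rights` attributes make it easy to grant more than intended, for example `no_passwd: true` together with `commands: ALL`. The Python check below is an added example, not part of the claranet.sudo role: it reviews `sudo_rights` and `sudo_command_aliases` passed as plain dictionaries, and the function name, the findings it reports and the sample data are this example's own assumptions.

```python
# Added example: review a sudo_rights mapping before it is deployed.
# Attribute names and defaults follow the README; the checks are this example's own.

def _as_list(value):
    """commands may be given as a single string or as a list."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_sudo_rights(sudo_rights, command_aliases=None):
    """Return sorted (file, principal, finding) tuples for risky grants."""
    command_aliases = command_aliases or {}
    findings = set()
    for filename, entries in sudo_rights.items():
        for entry in entries:
            if entry.get("state", "present") != "present":
                continue  # state: absent deletes the right, nothing to review
            who = entry["name"]
            no_passwd = entry.get("no_passwd", False)  # README default: false
            commands = []
            for cmd in _as_list(entry.get("commands")):
                # Expand command aliases so their members are checked too.
                commands.extend(command_aliases.get(cmd, [cmd]))
            for cmd in commands:
                if cmd == "ALL":
                    kind = "passwordless ALL" if no_passwd else "unrestricted ALL"
                    findings.add((filename, who, kind))
                elif not cmd.startswith("/"):
                    findings.add((filename, who, f"not an absolute path or known alias: {cmd}"))
                elif "*" in cmd:
                    findings.add((filename, who, f"wildcard in command: {cmd}"))
    return sorted(findings)


# Constructed sample: the first entry mirrors the playbook above, the rest are made up.
SAMPLE_ALIASES = {"SHUTDOWN": ["/usr/sbin/reboot", "/usr/sbin/poweroff"]}
SAMPLE_RIGHTS = {
    "allowrebootsudo": [{"name": "TEST", "no_passwd": True, "commands": "SHUTDOWN"}],
    "ops": [
        {"name": "%ops", "no_passwd": True, "commands": "ALL"},
        {"name": "deploy", "commands": ["systemctl restart app", "/bin/cat /var/log/*"]},
        {"name": "olduser", "no_passwd": True, "commands": "ALL", "state": "absent"},
    ],
}

if __name__ == "__main__":
    for finding in audit_sudo_rights(SAMPLE_RIGHTS, SAMPLE_ALIASES):
        print(*finding, sep=": ")
```

The entry taken from the playbook produces no findings because the `SHUTDOWN` alias expands to two absolute paths without wildcards.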