claranet/ansible-role-sudo

Ansible role - sudo

⭐ Star us on GitHub — it motivates us a lot!

Install and Configure sudo

⚠️ Requirements

Ansible >= 2.10

⚡ Installation

ansible-galaxy install claranet.sudo

⚙️ Role variables

| Variable | Default value | Description |
|---|---|---|
| sudo_config_directory | /etc/sudoers.d | Directory that contains the sudo rights files |
| sudo_allow_install_package | true | Install the sudo package before setting rights |
| sudo_rights | {} | All sudo rights to set; see "Attributes of variable sudo_rights" |
| sudo_purge_others_config | false | Purge other files that are not part of our sudo rights configuration |
| sudo_command_aliases | {} | Set command aliases: name of the command alias as key and list of commands as value |
| sudo_user_aliases | {} | Set user aliases: name of the user alias as key and list of users as value |
| sudo_host_aliases | {} | Set host aliases: name of the host alias as key and list of hosts as value |
| sudo_runas_aliases | {} | Set sudoers run-as aliases |

⚙️ Attributes of variable sudo_rights

  • name: String giving the name of the user or group that receives the rights. For a group, use %name_of_group
  • no_passwd: Boolean attribute that sets whether the command(s) can be run with or without a password
  • from_hosts: String specifying the hosts where these actions are allowed
  • as_user: User to run the commands as
  • as_group: Group to run the commands as
  • commands: List of commands that the sudoers can execute
  • state: present or absent, to add or delete the rights

🔄 Dependencies

N/A

✏️ Example Playbook

---
- hosts: all
  vars:
    sudo_purge_others_config: true

    sudo_user_aliases:
      test: ["secondusersudo", "firstusersudo"]

    sudo_command_aliases:
      SHUTDOWN: ["/usr/sbin/reboot", "/usr/sbin/poweroff"]

    sudo_rights:
      allowrebootsudo:                          # required
        - name: "TEST"                          # required
          no_passwd: true                       # default is false
          from_hosts: ALL                       # can be omitted, default is ALL
          as_user: ALL                          # can be omitted, default is ALL
          as_group: ALL                         # can be omitted, default is ALL
          commands: SHUTDOWN                    # required
          state: present                        # can be omitted, default is present

      allowtailsudo:                            # second user's rights
        - name: "firstusersudo"
          no_passwd: true
          from_hosts: ALL
          as_user: ALL
          as_group: ALL
          commands:
            - /usr/bin/tail -f /dev/null
          state: present
  roles:
    - role: claranet.sudo
      become: true
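
A pre-deployment check for these variables, as an added example that is not part of the role: it flags rules that reference an undefined alias, grant NOPASSWD on ALL commands, or list a command without an absolute path. The function name and sample data are hypothetical, and it assumes the role writes alias names in upper case, as the playbook's test/TEST pair suggests.

```python
import re

ALIAS_RE = re.compile(r"^[A-Z][A-Z0-9_]*$")  # sudoers alias name grammar


def lint_sudo_vars(sudo_rights, command_aliases=None, user_aliases=None):
    """Return (rights_key, message) findings for the role's variables."""
    # Assumption: the role emits alias names in upper case.
    cmd_defined = {k.upper() for k in (command_aliases or {})}
    user_defined = {k.upper() for k in (user_aliases or {})}
    findings = []
    for key, rules in sudo_rights.items():
        for rule in rules:
            if rule.get("state", "present") == "absent":
                continue  # rule is being removed, nothing to review
            name, cmds = rule.get("name"), rule.get("commands")
            if not name or not cmds:
                findings.append((key, "name and commands are required"))
                continue
            if ALIAS_RE.match(name) and name != "ALL" and name not in user_defined:
                findings.append((key, f"user alias {name} is not defined"))
            for cmd in [cmds] if isinstance(cmds, str) else cmds:
                if cmd == "ALL":
                    if rule.get("no_passwd", False):  # README default is false
                        findings.append((key, "NOPASSWD on ALL commands"))
                elif ALIAS_RE.match(cmd):
                    if cmd not in cmd_defined:
                        findings.append((key, f"command alias {cmd} is not defined"))
                elif not cmd.startswith(("/", "sudoedit")):
                    findings.append((key, f"command is not an absolute path: {cmd}"))
    return findings


# Constructed sample modeled on the playbook, with three deliberate mistakes.
SAMPLE_USER_ALIASES = {"test": ["secondusersudo", "firstusersudo"]}
SAMPLE_COMMAND_ALIASES = {"SHUTDOWN": ["/usr/sbin/reboot", "/usr/sbin/poweroff"]}
SAMPLE_RIGHTS = {
    "allowrebootsudo": [{"name": "TEST", "no_passwd": True, "commands": "SHUTDOWN"}],
    "allowopssudo": [{"name": "%ops", "no_passwd": True,
                      "commands": ["ALL", "tail -f /dev/null", "RESTART"]}],
}

if __name__ == "__main__":
    for key, msg in lint_sudo_vars(SAMPLE_RIGHTS, SAMPLE_COMMAND_ALIASES,
                                   SAMPLE_USER_ALIASES):
        print(f"{key}: {msg}")
```

Running `visudo -c` on the target host after the role has applied remains the authoritative syntax check; this lint only reviews the variables before deployment.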

©️ License

Mozilla Public License Version 2.0