Browse Source

Replace wheel with sudo group

Ubuntu uses the `sudo` group to check if a user is allowed to `sudo`.
Passwordless sudo for the user is configured in `/etc/sudoers.d/`.
remove-logs
Andreas Linz 3 years ago
parent
commit
39939f8fad
2 changed files with 9 additions and 10 deletions
  1. +7
    -10
      roles/common/tasks/main.yml
  2. +2
    -0
      roles/common/templates/sudoers.tmpl

+ 7
- 10
roles/common/tasks/main.yml View File

@ -21,24 +21,21 @@
- name: Check wheel group
become: true
group:
name: wheel
name: sudo
state: present
- name: Allow wheel to sudo (with password)
- name: "Allow passwordless sudo for {{ user_name }}"
template:
src: sudoers.tmpl
dest: "/etc/sudoers.d/10-{{ user_name }}"
mode: 0444
become: true
lineinfile:
dest: /etc/sudoers
state: present
backup: true
regexp: '^#\s*%wheel\s+ALL=\(ALL\)\s+ALL$'
line: '%wheel ALL=(ALL) ALL'
- name: "Create user {{ user_name }}"
become: true
user:
name: "{{ user_name }}"
comment: "{{ user_email }}"
append: true
groups: wheel
# http://docs.ansible.com/ansible/user_module.html
groups: sudo
password: "{{ user_password }}"
- name: Authorize SSH key
authorized_key:

+ 2
- 0
roles/common/templates/sudoers.tmpl View File

@ -0,0 +1,2 @@
# Allow passworldess sudo
{{ user_name }} ALL=(ALL) NOPASSWD:ALL

Loading…
Cancel
Save