Sudo
This is the role to control sudo(ers)
Requirements
none
General
- can enforce all sudo-settings
- can en/disable local sudo group and overwrite the users of it
Role Variables
| Name | Type | Default value | Purpose | Comment | Role |
|---|---|---|---|---|---|
| sudo_conf | Boolean | false | indicates if sudoers management is enabled | - | jammy_sudo |
| sudo_enforce_s4d_sudoers_strongly | Boolean | true | indicates if sudoers management is enabled and OVERRIDE it | if true, deletes all contents of /etc/sudoers.d/ and rebootstrap it with CxS configs each config run | jammy_sudo |
| sudo_localgroup_sudo_is_enabled | Boolean | false | indicates local sudo group is enabled | - | jammy_sudo |
| sudo_by_groups | String | false | this groups will have sudo rights | Groups have to be comma & space separated "group1, group2, group3" | jammy_sudo |
| sudo_users_in_localgroup_sudo | String | false | if local sudo groups are enabled, this string can overwrite its contents (users) | Users have to be comma & space separated "user1, user2, user3" | jammy_sudo |
| sudo_sudoersd_additional_entries | String | false | if special sudoers are needed (group xy can only execute command yx), this var can be used | Multiple entry can be pushed, and also multiple commands as following | jammy_sudo |
sudo_sudoersd_additional_entries:
- name: nameofsudoers.d/file
group: sysop
commands:
- "/usr/bin/htop"
- "/usr/bin/glances"
- name: zabbix
group: zabbix
commands: "/usr/sbin/smartctl"
please note, that you have to use full paths for the commands, only "htop" would produce a syntax error. for more details please have a look at the underlining sudo-module of ansible
Dependencies
Role dependencies
Package dependencies
Example Playbook
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
BSD
Author Information
Maintainer: Niklaus Kappeler
Support-Contact: s4d-linux-support@id.ethz.ch