abaez.sudo
Sudo
A Sudo user permission structure based on Arch Linux's guide.
Description
Initially, the Sudo role was part of a basic user role. As the need for Sudo permissions became more complex, this separate role was created. Its purpose is to set up a Sudo permission structure based on the guidance provided in the Arch Linux wiki.
The role has the following structure:
admin
The admin user has default access to important system commands like systemd, kill, and firewall operations.
devel system user
The devel user has default access to package management. Any development-related tasks should be assigned to this user, preventing regular users from having excessive permissions.
user
In this context, a user can execute commands as both admin and devel users. For more details about what a "user" entails, refer to the user role or check out the example of the "joe" user in the Arch Linux wiki.
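A sudoers drop-in that expresses the three-tier structure described above, added here as an illustration and not taken from the role's own template. The file name, alias names, command paths and the NOPASSWD choice are assumptions; the account names are the role's defaults (some, devel, admin).

```sudoers
# /etc/sudoers.d/10-role-structure   (hypothetical file name)
# Constructed example; account names are the role defaults.

# Command groups. Paths are assumptions for an Arch Linux host.
Cmnd_Alias SYSTEMD  = /usr/bin/systemctl, /usr/bin/journalctl
Cmnd_Alias KILL     = /usr/bin/kill, /usr/bin/killall
Cmnd_Alias FIREWALL = /usr/bin/iptables, /usr/bin/ip6tables
Cmnd_Alias PACKAGES = /usr/bin/pacman

# admin: system commands as root.
# NOPASSWD is an assumption: a system account with a locked password
# cannot answer a sudo password prompt. The password check happens one
# step earlier, when the normal user enters the account (last rule).
%admin ALL = (root) NOPASSWD: SYSTEMD, KILL, FIREWALL

# devel: package management as root, and nothing else.
%devel ALL = (root) NOPASSWD: PACKAGES

# Normal user: no direct root rules. The only thing it may do through
# sudo is open a shell as devel or admin, after entering its own password.
some ALL = (devel) /usr/bin/fish, (admin) /usr/bin/fish
```

Check the file with `visudo -cf` before installing it. Because pacman runs package install scripts as root, membership in devel should be granted as carefully as membership in admin.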
Role Variables
This role includes a few variables that can be customized. These mainly pertain to the admin and devel system accounts needed for the role to function correctly. Below are the default settings:
---
# Normal user with shell access to devel and admin
user_name: some
# Name of the devel user and group
devel_name: devel
# Default shell for devel
devel_shell: /usr/bin/fish
# Name of the admin user and group
admin_name: admin
# Default shell for admin
admin_shell: /usr/bin/fish
Requirements
This role requires a defined user. Declare a user before using this role, or set up your user in a way similar to the user role.
Usage
To use this role, set up the defaults and specify the user_name. Then, add the following to your playbook:
- hosts: servers
  roles:
    - abaez.users
    - { role: abaez.sudo, user_name: ale }
Author Information
Sudo user permission structure based on the Arch Linux sudo wiki.
ansible-galaxy install abaez.sudo