ahuffman.sudoers
This role manages the default /etc/sudoers file and any included files/directories.
Important: Version 2.0.0 and above has major changes, so please read the documentation carefully if you're upgrading from an older version.
Table of Contents
- Table of Contents
- Tips
- Role Variables
- sudoers_files Dictionary Fields
- Automatically Generating the Sudoers Files Data
- Example Playbooks
- License
- Author Information
Tips
| Tip: Explore these resources for help with sudoers configuration: |
|---|
| Starting Guide - Great for basic sudoers details and terms. |
| Sudoers Manual - Comprehensive details if you need deep knowledge. |
Role Variables
The default settings for this role are based on the standard RHEL7.6 /etc/sudoers file. Check the defaults in defaults/main.yml for compatibility with your operating system before use.
| Variable Name | Description | Default Value | Type |
|---|---|---|---|
| sudoers_rewrite_default_sudoers_file | Whether to use the role’s default definitions or the user-defined sudoers_files, replacing the supplied /etc/sudoers file. | True | boolean |
| sudoers_remove_unauthorized_included_files | Warning! Removes any sudoer files in include_directories that are not defined in sudoers_files. | False | boolean |
| sudoers_backup | Specifies if a backup of the current /etc/sudoers file should be created. | True | boolean |
| sudoers_backup_path | Path for storing backups of defined sudoers_files. | "sudoers_backups" | string |
| sudoers_backup_become | Specifies whether to use sudo for creating backup directories and files. | True | boolean |
| sudoers_visudo_path | Path to the visudo binary for validating sudoers changes. | "/usr/sbin/visudo" | string |
| sudoers_files | Definition of your sudoers configurations | see defaults/main.yml | list of dictionaries |
sudoers_files Dictionary Fields
| Variable Name | Description | Type |
|---|---|---|
| path | Path for the configuration file on the filesystem. | string |
| aliases | Optional definitions of command, host, runas, or user aliases. | dictionary |
| defaults | Set default values for your sudoers configuration, with overrides possible via user_specifications. | list |
| include_files | Specific files to include in the configuration. | list |
| include_directories | Specific directories to include in the configuration. | list |
| user_specifications | List of user specifications and default overrides for the configuration. | list |
sudoers_files.aliases Dictionary Fields
| Variable Name | Description | Type |
|---|---|---|
| cmnd_alias | List of command alias definitions. | list of dictionaries |
| host_alias | List of host alias definitions. | list of dictionaries |
| runas_alias | List of runas alias definitions. | list of dictionaries |
| user_alias | List of user alias definitions. | list of dictionaries |
user_specifications Dictionary Fields
This can assign user specifications or override defaults.
Standard user_specifications
| Variable Name | Description | Type |
|---|---|---|
| users | Users to apply the specification to (can use user_alias names). | list |
| hosts | Hosts to apply the specification to (can use host_alias names). | list |
| operators | Operators to apply the specification to (can use runas_alias names). | list |
| commands | Commands to apply the specification to (can use cmnd_alias names). | list |
Default Override user_specifications
| Variable Name | Description | Type |
|---|---|---|
| defaults | List of defaults to override in the configuration. | list |
| type | Type of override, affects the operator in the configuration. | string |
| commands | List of cmnd_alias names or commands to override default values. | list |
| hosts | List of host_alias names or host names to override default values. | list |
| operators | List of runas_alias names or user names to override default values. | list |
| users | List of user_alias names or user names to override default values. | list |
Automatically Generating the Sudoers Files Data
Feeling overwhelmed by the configuration? Use ahuffman.scan_sudoers to automatically create the necessary data structure for you. This role allows you to capture a running configuration and apply it elsewhere, helping to streamline your setup process.
Example Playbooks
RHEL7.6 Default Sudoers Configuration
```yaml
- name: "Apply a RHEL7.6 Default /etc/sudoers configuration"
  hosts: "all"
  roles:
    - role: "ahuffman.sudoers"
```
or with modern syntax:
```yaml
- name: "Apply a RHEL7.6 Default /etc/sudoers configuration"
  hosts: "all"
  tasks:
    - name: "Configure /etc/sudoers"
      include_role:
        name: "ahuffman.sudoers"
```
Migrating a Running Sudoers Configuration to Another Host
```yaml
---
- name: "Collect Existing Sudoers Facts"
  hosts: "source-host"
  tasks:
    - name: "Collect Running Sudoers Configuration"
      include_role:
        name: "ahuffman.scan_sudoers"

    - name: "Set Collected Sudoers Facts"
      set_fact:
        sudoers_files: "{{ ansible_facts['sudoers'].sudoers_files }}"

- name: "Deploy Running Configuration to Target"
  hosts: "destination-host"
  tasks:
    - include_role:
        name: "ahuffman.sudoers"
      vars:
        sudoers_remove_unauthorized_included_files: True
        # set_fact above is scoped to source-host, so read the fact through hostvars;
        # without this the target would receive the role's default sudoers_files
        sudoers_files: "{{ hostvars['source-host'].sudoers_files }}"
```
This approach allows you to leverage Infrastructure-as-Code to migrate configurations efficiently.
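Custom sudoers_files Definition (added example)

The playbooks above rely on the role defaults or on scanned data. The following added example, which is not taken from the role's own documentation, writes the sudoers_files fields from the tables above by hand to manage /etc/sudoers plus one narrowly scoped drop-in. The `%webops` group, the drop-in path and the commands are constructed for illustration. It assumes that `defaults` entries are plain strings and that keys a file does not need can be omitted; check defaults/main.yml for the exact shapes the role expects.

```yaml
---
- name: "Manage /etc/sudoers plus one least-privilege drop-in"
  hosts: "all"
  tasks:
    - name: "Configure sudoers"
      include_role:
        name: "ahuffman.sudoers"
      vars:
        # Keep a copy of the current file before it is rewritten
        sudoers_backup: True
        # Delete files in include_directories that are not declared below
        sudoers_remove_unauthorized_included_files: True
        sudoers_files:
          - path: "/etc/sudoers"
            defaults:                    # assumed shape: plain strings
              - "env_reset"
              - "!visiblepw"
            user_specifications:
              - users: ["root"]
                hosts: ["ALL"]
                operators: ["ALL"]
                commands: ["ALL"]
              # Keep the rule your automation account relies on,
              # or the next run will not be able to escalate
              - users: ["%wheel"]
                hosts: ["ALL"]
                operators: ["ALL"]
                commands: ["ALL"]
            include_directories:
              - "/etc/sudoers.d"
          - path: "/etc/sudoers.d/webops"        # hypothetical drop-in file
            user_specifications:
              - users: ["%webops"]               # hypothetical group
                hosts: ["ALL"]
                operators: ["root"]
                commands:                        # full paths, no wildcards
                  - "/usr/bin/systemctl restart nginx"
                  - "/usr/bin/systemctl reload nginx"
```

With sudoers_remove_unauthorized_included_files enabled, every drop-in you want to keep under /etc/sudoers.d must have its own entry in sudoers_files, so review the target's existing drop-ins before the first run.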
License
Author Information
Controls the configuration of the default /etc/sudoers file and included files/directories
ansible-galaxy install ahuffman.sudoers