sudo

Sudo

license twitter

Sudo user permission structure based on arch's guide.

Description

Originally, the role was contained inside an user role. However, the sudo permissions complexity grew larger and more advance. This role's goal is to format a sudo permission structure with the idealogy of the guide under archlinux's wiki of the command.

The role applies the following structure:

admin

The admin system user ends up having default access to systemd, kill, and firewall commands.

devel system user

The devel user ends up having default access to package management. Anything development related should be chown to this user. As such, you keep permission structure from being given too much to a regular user.

user

The user in reference to this role gains the ability to run the shell of both admin and devel system users. If you want a better understanding what a "user" actually is here, look only to the user role to find more information. You can always also look at how the "joe" user is defined in the archlinux wiki.

Role Variables

The role has a couple of variables that should be changed. These variables are primarily the admin and the devel system account you want to use for the role to function properly. The listing below shows the commands with their default settings:

---

# normal user to have shell devel, admin access
user_name: some

# name of the devel user:group
devel_name: devel
# default shell for devel
devel_shell: /usr/bin/fish

# name of the admin user:group
admin_name: admin
# default shell for admin
admin_shell: /usr/bin/fish

Requirements

The role does need some type of user defined. So it should go without saying that it does require user to be declared prior to the role being used. Otherwise, you need to define your user similarly to the user role.

Usage

You should set up and define the defaults for the role. Along with it, you should also define the user_name. Then you can append the following to your playbook:

- hosts: servers
    roles:
        - abaez.users
        - { role: abaez.sudo, user_name: ale }

Author Information

Alejandro Baez

About

Sudo user permission structure based on archlinux sudo wiki.

Install
ansible-galaxy install abaez/ansible-role-sudo
GitHub repository
License
bsd-2-clause
Downloads
68
Owner
This be my github connection. Mostly only to contribute to things. Check instead https://sr.ht/~ab/ for my forge