sudoers

Ansible Role: sudoers

Description

Manage sudoers and sudoers.d in Linux.

Installation

ansible-galaxy install arillso.sudoers

Requirements

None

Role Variables

sudoers_package

Name of package

sudoers_package: sudo

sudoers_sudoers

sudores file declarations

sudoers_sudoers_file: '/etc/sudoers'

sudoers_use_os_defaults

Includes default rules that ship with target distro (boolean)

sudoers_use_os_defaults: true

sudoers_sudoers

Default configuration options

sudoers_sudoers.defaults

default configuration options

sudoers_sudoers:
  defaults: []

sudoers_sudoers.defaults_*

Support for additional default types.

Sudoers manual excerpt:

Default_Type ::= 'Defaults' |
                 'Defaults' '@' Host_List |
                 'Defaults' ':' User_List |
                 'Defaults' '!' Cmnd_List |
                 'Defaults' '>' Runas_List

Variables:

sudoers_sudoers:
  defaults_host: []
  defaults_user: []
  defaults_cmnd: []
  defaults_runas: []

sudoers_sudoers.host_aliases

A list of aliases of type Host_Alias

Variable	Comments (type)
`sudoers_sudoers.host_aliases.name`:	Name of the alias
`sudoers_sudoers.host_aliases.members`	Member(s) of the alias

`sudoers_sudoers.user_aliases`

A list of aliases of type User_Alias

Variable	Comments (type)
`sudoers_sudoers.user_aliases.name`	Name of the alias
`sudoers_sudoers.user_aliases.members`	Member(s) of the alias

sudoers_sudoers.cmnd_aliases

A list of aliases of type Cmnd_Alias

Variable	Comments (type)
`sudoers_sudoers.cmnd_aliases.name`	Name of the alias
`sudoers_sudoers.cmnd_aliases.members`	Member(s) of the alias

sudoers_sudoers.runas_aliases

A list of aliases of type Runas_Alias

Variable	Comments (type)
`sudoers_sudoers.runas_aliases.name`	Name of the alias
`sudoers_sudoers.runas_aliases.members`	Member(s) of the alias

sudoers_sudoers.privileges`

List of privileges

Variable	Comments (type)
`sudoers_sudoers.privileges.name`	Name of user or group (group should be prefixed with '%')
`sudoers_sudoers.privileges.entry`	A privilege entry

Example

sudoers_sudoers:
  defaults:
    - env_reset
    - exempt_group=sudo
    - mail_badpass
    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  defaults_host:
    - host_list: SERVERS
      entry: log_year, logfile=/var/log/sudo.log
  defaults_user: 
    - user_list: FULLTIMERS
      entry: '!lecture'
  defaults_cmnd: 
    - cmnd_list: PAGERS
      entry: noexec
  defaults_runas:
    - runas_list: root
      entry: '!set_logname'
  host_aliases:
    - name: CUNETS
      members: 128.138.0.0/255.255.0.0
    - name: SERVERS
      members: master, mail, www, ns
  user_aliases:
    - name: FULLTIMERS
      members: millert, mikef, dowdy
    - name: PARTTIMERS
      members: bostley, jwfox, crawl
  cmnd_aliases:
    - name: KILL
      members: /usr/bin/kill
    - name: HALT
      members: /usr/sbin/halt
  privileges:
    - name: root
      entry: 'ALL=(ALL:ALL) ALL'
    - name: '%admin'
      entry: 'ALL=(ALL) ALL'
    - name: '%sudo'
      entry: 'ALL=NOPASSWD:ALL'

sudoers_sudoers_d_files

/etc/sudoers.d/* file(s) declarations

sudoers_sudoers_d_files.key

The name of the sudoers configuration file (e.g vagrant)

sudoers_sudoers_d_files:
  key:

Variable	Default	Comments (type)
`sudoers_sudoers_d_files.key.defaults`	`[]`	Default configuration options
`sudoers_sudoers_d_files.key.defaults_host`	`[]`	Defaults@ configuration options
`sudoers_sudoers_d_files.key.defaults_user`	`[]`	Defaults: configuration options
`sudoers_sudoers_d_files.key.defaults_cmnd`	`[]`	Defaults! configuration options
`sudoers_sudoers_d_files.key.defaults_runas`	`[]`	Defaults> configuration options
`sudoers_sudoers_d_files.key.host_aliases`	`[]`	A list of aliases of type `Host_Alias`
`sudoers_sudoers_d_files.key.host_aliases.name`		Name of the alias
`sudoers_sudoers_d_files.key.host_aliases.members`		Member(s) of the alias
`sudoers_sudoers_d_files.key.user_aliases`	`[]`	A list of aliases of type `User_Alias`
`sudoers_sudoers_d_files.key.user_aliases.name`		Name of the alias
`sudoers_sudoers_d_files.key.user_aliases.members`		Member(s) of the alias
`sudoers_sudoers_d_files.key.cmnd_aliases`	`[]`	A list of aliases of type `Cmnd_Alias`
`sudoers_sudoers_d_files.key.cmnd_aliases.name`		Name of the alias
`sudoers_sudoers_d_files.key.cmnd_aliases.members`		Member(s) of the alias
`sudoers_sudoers_d_files.key.runas_aliases`	`[]`	A list of aliases of type `Runas_Alias`
`sudoers_sudoers_d_files.key.runas_aliases.name`		Name of the alias
`sudoers_sudoers_d_files.key.runas_aliases.members`		Member(s) of the alias
`sudoers_sudoers_d_files.key.privileges`	`[]`	List of privileges
`sudoers_sudoers_d_files.key.privileges.name`		Name of user or group (group should be prefixed with '%')
`sudoers_sudoers_d_files.key.privileges.entry`		A privilege entry

Example

sudoers_sudoers_d_files:
  test:
    defaults:
      - env_reset
      - exempt_group=sudo
      - mail_badpass
      - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    defaults_user:
      - user_list: test
        entry: '!authenticate'
    host_aliases:
      - name: WORKSTATIONS
        members: 128.138.0.0/255.255.0.0
    privileges:
      - name: test
        entry: 'ALL=(ALL:ALL) ALL'

Dependencies

None

Example Playbook

---
- hosts: all
  roles:
    - arillso.sudoers

Author

Simon Bärlocher
Mark van Driel
Mischa ter Smitten

License

This project is under the MIT License. See the LICENSE file for the full license text.

Copyright

About

Manage sudoers and sudoers.d in Linux.

role sudo system

Install

ansible-galaxy install arillso/ansible.sudoers

GitHub repository

6 stars

6 forks

3 open issues

License

mit

Downloads

640993

Owner

arillso