feat: pouvoir sudo su avec un password spécifique au user

steamulo · Jan 2, 2025 · ca086b4 · ca086b4
1 parent d754d22
commit ca086b4
Showing 1 changed file with 5 additions and 19 deletions.
diff --git a/tasks/users.yml b/tasks/users.yml
@@ -7,24 +7,14 @@
     - admin
     - sudo
 
-- name: Allow sudo group to have passwordless sudo
+- name: Configure sudoers file for each user
   lineinfile:
     dest: /etc/sudoers
     state: present
-    regexp: '^%sudo'
-    line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
+    regexp: '^{{ item.user }} ALL='
+    line: "{{ item.user }} ALL=(ALL:ALL) {{ 'NOPASSWD: ALL' if not item.sudo_password else 'ALL' }}"
     validate: visudo -cf %s
-  when: basic_passwordless_sudo
-
-- name: Creating users groups (1)
-  group:
-    name: "{{ item }}"
-  loop: "{{ basic_sudo_users | union(basic_standard_users) | map(attribute='user') | list }}"
-
-- name: Creating users groups (2)
-  group:
-    name: "{{ item }}"
-  loop: "{{ basic_sudo_users | union(basic_standard_users) | selectattr('groups','defined') | map(attribute='groups') | flatten }}"
+  loop: "{{ basic_sudo_users }}"
 
 - name: Creating sudo users
   user:
@@ -52,11 +42,7 @@
     key: "{{ item.authorized_keys | join('\n') }}"
     exclusive: true
   loop: "{{ basic_sudo_users | union(basic_standard_users) }}"
-
-- name: Lock root user (passwd -l root equivalent)
-  user:
-    name: root
-    password: "!"
+  when: item.authorized_keys is defined and item.authorized_keys | length > 0
 
 #- name: Set chattr -R -a on users' files and directories  TODO fix me
 #  command: "chattr -R -a /home/{{ item }}"