users: do not add users to the sudo group if they are not meant to be administrators.
This commit is contained in:
parent
5556c1318d
commit
805062b3c0
|
@ -14,4 +14,4 @@ users_update_password: 'on_create'
|
||||||
#users_system_users:
|
#users_system_users:
|
||||||
# - { login: 'foo', name: "Foo Bar", home: '{{ users_home_dir }}', createhome: 'yes', ssh_key: '{{ foo_ssh_key }}', shell: '/bin/bash', admin: False, log_as_root: False }
|
# - { login: 'foo', name: "Foo Bar", home: '{{ users_home_dir }}', createhome: 'yes', ssh_key: '{{ foo_ssh_key }}', shell: '/bin/bash', admin: False, log_as_root: False }
|
||||||
#users_additional_groups:
|
#users_additional_groups:
|
||||||
# -
|
# - { group: 'foo' }
|
||||||
|
|
|
@ -25,6 +25,7 @@
|
||||||
- name: Add the admin users to the sudoers group
|
- name: Add the admin users to the sudoers group
|
||||||
user: name={{ item.login }} groups={{ users_sudoers_group }} append=yes
|
user: name={{ item.login }} groups={{ users_sudoers_group }} append=yes
|
||||||
with_items: '{{ users_system_users | default([]) }}'
|
with_items: '{{ users_system_users | default([]) }}'
|
||||||
|
when: item.admin
|
||||||
|
|
||||||
- name: ensure that the users can login with their ssh keys as root if we want ensure direct access
|
- name: ensure that the users can login with their ssh keys as root if we want ensure direct access
|
||||||
authorized_key: user=root key="{{ item.ssh_key }}" state=present
|
authorized_key: user=root key="{{ item.ssh_key }}" state=present
|
||||||
|
|
Loading…
Reference in New Issue