diff --git a/users/defaults/main.yml b/users/defaults/main.yml
index 9d0ecda9..1ca43f58 100644
--- a/users/defaults/main.yml
+++ b/users/defaults/main.yml
@@ -5,7 +5,9 @@
 # Users can have sudo privileges if the 'admin' property is 'true'
 # admin users can also directly log as root when 'user_admin_can_log_as_root' is set to 'true'
-users_sudoers_group: sudo
+deb_users_sudoers_group: sudo
+rh_users_sudoers_group: wheel
+users_sudoers_group: '{{ deb_users_sudoers_group }}'
 users_sudoers_create_group: False
 users_sudoers_create_sudo_conf: False
 users_home_dir: /home
diff --git a/users/tasks/main.yml b/users/tasks/main.yml
index 9f2bfe3d..9cf97397 100644
--- a/users/tasks/main.yml
+++ b/users/tasks/main.yml
@@ -22,10 +22,28 @@
 with_items: '{{ users_system_users | default([]) }}'
 when: item.ssh_key is defined
- - name: Add the admin users to the sudoers group
- user: name={{ item.login }} groups={{ users_sudoers_group }} append=yes
+ - name: Add the admin users to the sudoers group on debian based systems
+ user: name={{ item.login }} groups={{ deb_users_sudoers_group }} append=yes
 with_items: '{{ users_system_users | default([]) }}'
- when: item.admin
+ when:
+ - item.admin
+ - ansible_distribution_file_variety == "Debian"
+
+ - name: Add the admin users to the sudoers group on rh/centos systems
+ user: name={{ item.login }} groups={{ rh_users_sudoers_group }} append=yes
+ with_items: '{{ users_system_users | default([]) }}'
+ when:
+ - item.admin
+ - ansible_distribution_file_variety == "RedHat"
+
+ - name: Permit sudo without password
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%{{ rh_users_sudoers_group }}\s'
+ line: '%{{ rh_users_sudoers_group }} ALL=(ALL) NOPASSWD: ALL'
+ when: ansible_distribution_file_variety == "RedHat"
+ tags: [ 'users', 'sudo_wheel' ]
 - name: ensure that the users can login with their ssh keys as root if we want ensure direct access
 authorized_key: user=root key="{{ item.ssh_key }}" state=present
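Review bot: `users_sudoers_group` now defaults to `'{{ deb_users_sudoers_group }}'` on every platform, so any task that still reads it resolves to `sudo` on a RedHat host, where this change otherwise expects `wheel`. The membership tasks in users/tasks/main.yml switch to the two new variables, so an inventory that overrides `users_sudoers_group` no longer decides which group admin users join. Selecting the value once, for example `users_sudoers_group: "{{ rh_users_sudoers_group if ansible_distribution_file_variety == 'RedHat' else deb_users_sudoers_group }}"`, and keeping the tasks on `users_sudoers_group` would preserve existing overrides. A comment above the new variables saying which one callers are expected to override would also help.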
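Review bot: The `Permit sudo without password` task gives `NOPASSWD: ALL` to every member of `{{ rh_users_sudoers_group }}` on all RedHat hosts, including accounts this role did not create, and no opt-in variable gates it; `users_sudoers_create_sudo_conf` defaults to `False` in users/defaults/main.yml but is not consulted here. The task also edits `/etc/sudoers` in place with no syntax check, so a bad group value can leave sudo unusable; adding `validate: '/usr/sbin/visudo -cf %s'` to the `lineinfile` arguments guards against that. Making the condition `when: users_sudoers_create_sudo_conf | bool and ansible_distribution_file_variety == "RedHat"`, or using a dedicated flag, would make passwordless root a deliberate per-inventory choice. A short comment on the task stating why the password prompt is removed would help the next reviewer.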