user_services_perms: remove more stuff, fix some tasks so that they do not overlap with the users role.

user_services_perms/defaults/main.yml

@@ -1,21 +1,11 @@
 ---
-service_custom_installation: False
-service_user: sys_admin
-service_group: '{{ sys_user }}'
 service_sudoers_group: adminsu
 
-service_data_directory: /var/lib/foo
-#service_other_directories:
-#  - /var/lib/bar
-
-service_log_directories:
-  - /var/log/foo
-  - /var/log/foo/search  
-
+common_users_group: service_g
 # Define the following if you want some directories readable and writable by the common group but outside the default app data dirs
 #additional_data_directories:
-#  - { name: '/data/1', perms: 0755, create: True, owner: 'root', group: '{{ sys_group }}', aclperms: 'rwX' }
-#  - { name: '/data/2', create: False, perms: 0755, owner: 'root', group: '{{ sys_group }}', aclperms: 'rwX' }
+#  - { name: '/data/1', perms: 0755, create: True, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rwX' }
+#  - { name: '/data/2', create: False, perms: 0755, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rwX' }
 #  - { name: '/data/bah', create: False, perms: 0644, aclperms: 'rw' }
 
 # Define the following array when you want to add commands to the sudoers file

user_services_perms/tasks/common-users-data-dirs.yml

@@ -1,16 +1,25 @@
 ---
 - block:
+  - name: Create the common group used to setup acls
+    group: name={{ common_users_group }} state=present system=yes
+    when: additional_data_directories is defined
+
+  - name: Add selected users to the commong group
+    user: name={{ item.login }} groups={{ common_users_group }} append=yes
+    with_items: '{{ users_system_users | default([]) }}'
+    when: additional_data_directories is defined
+
   - name: Create the users additional data dirs
     file: name={{ item.name }} state=directory owner={{ item.owner }} group={{ item.group }} mode={{ item.perms }}
     with_items: '{{ additional_data_directories | default([]) }}'
     when: item.create and not item.file
 
   - name: Set the read/write/access permissions on the users additional data dirs
-    acl: name={{ item.name }} entity={{ service_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present recursive=yes
+    acl: name={{ item.name }} entity={{ common_users_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present recursive=yes
     with_items: '{{ additional_data_directories | default([])  }}'
 
   - name: Set the default read/write/access permissions on the users additional data dirs
-    acl: name={{ item.name }} entity={{ service_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present default=yes recursive=yes
+    acl: name={{ item.name }} entity={{ common_users_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present default=yes recursive=yes
     with_items: '{{ additional_data_directories | default([])  }}'
 
   tags: [ 'users', 'users_acl' ]

user_services_perms/tasks/main.yml

@@ -1,7 +1,5 @@
 ---
-- import_tasks: common-groups.yml
+- import_tasks: sudoers-groups.yml
 - import_tasks: sudo-config.yml
-- import_tasks: services-data-dirs.yml
-  when: service_custom_installation
 - import_tasks: common-users-data-dirs.yml
   when: additional_data_directories is defined

user_services_perms/tasks/services-data-dirs.yml

@@ -1,23 +0,0 @@
----
-- block:
-  - name: Create the service data dirs
-    file: name={{ item }} state=directory owner={{ service_user }} group={{ service_group }} mode=0750
-    with_items: '{{ service_other_directories }}'
-
-  - name: Set the read/write permissions on the service data dirs
-    acl: name={{ item }} entity={{ service_group }} etype=group permissions=rwX state=present recursive=yes
-    with_items: '{{ service_other_directories | default([]) }}'
-
-  - name: Set the default read/write permissions on the service data dirs
-    acl: name={{ item }} entity={{ service_group }} etype=group permissions=rwX state=present default=yes recursive=yes
-    with_items: '{{ service_other_directories | default([]) }}'
-
-  - name: Set the read permissions on the service log dirs
-    acl: name={{ item }} entity={{ service_group }} etype=group permissions=rX state=present recursive=yes
-    with_items: '{{ service_log_directories }}'
-
-  - name: Set the default read permissions on the service log dirs
-    acl: name={{ item }} entity={{ service_group }} etype=group permissions=rX state=present default=yes recursive=yes
-    with_items: '{{ service_log_directories }}'
-
-  tags: [ 'service', 'users' ]

user_services_perms/tasks/sudoers-groups.yml

@@ -1,12 +1,8 @@
 ---
 - block:
-  - name: Create the service user, if it is not used to run the tomcat instances
-    user: name={{ service_user }} home={{ service_data_directory }} createhome=no shell=/usr/sbin/nologin
-
   - name: Add the additional service groups
     group: name={{ item }} state=present
     with_items:
-      - '{{ service_group }}'
       - '{{ service_sudoers_group }}'
     
   - name: Add selected users to the limited sudoers group
@@ -15,9 +11,8 @@
     when: item.limited_sudoers_user
 
   - name: Remove selected users to the limited sudoers group
-    user: name={{ item.login }} groups={{ service_sudoers_group }}
+    user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
     with_items: '{{ users_system_users | default([]) }}'
     when: not item.limited_sudoers_user
 
-  when: service_custom_installation
   tags: [ 'services', 'users' ]