-
Notifications
You must be signed in to change notification settings - Fork 45
/
main.yml
76 lines (75 loc) · 2.01 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
---
sudoers_rewrite_default_sudoers_file: True
sudoers_remove_unauthorized_included_files: False
# backups occur on the ansible control node by fetching the remote files to prevent accidental inclusion in a includedir
## The default sudoers_backup_path will be relative to the playbook execution path
sudoers_backup: True
sudoers_backup_path: "sudoers-backups"
sudoers_backup_become: True
sudoers_visudo_path: "/usr/sbin/visudo"
# A default RHEL7.6 /etc/sudoers configuration was used to define the defaults
# Please check the defaults here to ensure you are applying sane settings for your OS
sudoers_files:
- path: "/etc/sudoers"
defaults:
- "!visiblepw"
- "always_set_home"
- "match_group_by_gid" # NOTE: for sudo>=1.8.18
- "always_query_group_plugin" # NOTE: maintains sudo pre-1.8.15 group behavior
- "env_reset"
- secure_path:
- "/sbin"
- "/bin"
- "/usr/sbin"
- "/usr/bin"
- env_keep:
- "COLORS"
- "DISPLAY"
- "HOSTNAME"
- "HISTSIZE"
- "KDEDIR"
- "LS_COLORS"
- "MAIL"
- "PS1"
- "PS2"
- "QTDIR"
- "USERNAME"
- "LANG"
- "LC_ADDRESS"
- "LC_CTYPE"
- "LC_COLLATE"
- "LC_IDENTIFICATION"
- "LC_MEASUREMENT"
- "LC_MESSAGES"
- "LC_MONETARY"
- "LC_NAME"
- "LC_NUMERIC"
- "LC_PAPER"
- "LC_TELEPHONE"
- "LC_TIME"
- "LC_ALL"
- "LANGUAGE"
- "LINGUAS"
- "_XKB_CHARSET"
- "XAUTHORITY"
user_specifications:
- users:
- "root"
hosts:
- "ALL"
operators:
- "ALL"
commands:
- "ALL"
- users:
- "%wheel"
hosts:
- "ALL"
operators:
- "ALL"
commands:
- "ALL"
include_directories:
- "/etc/sudoers.d"
# include_files: []
# aliases: []