better sudoers support & default gid
Add support for sudouser being False. Change the sudoers config to be written to /etc/sudoers.d/<user>, and remove /etc/sudoers.d/<user> on user removal or when sudouser is removed or set to false.
parent
6b1d798302
commit
f25cec613a
@ -25,6 +25,7 @@ include:
|
|||||||
- group: {{ name }}
|
- group: {{ name }}
|
||||||
group.present:
|
group.present:
|
||||||
- name: {{ name }}
|
- name: {{ name }}
|
||||||
|
- gid: {{ user['uid'] }}
|
||||||
user.present:
|
user.present:
|
||||||
- name: {{ name }}
|
- name: {{ name }}
|
||||||
- home: {{ home }}
|
- home: {{ home }}
|
||||||
@ -101,15 +102,25 @@ ssh_auth_{{ name }}_{{ loop.index0 }}:
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if 'sudouser' in user %}
|
|
||||||
sudoer-{{ name }}:
|
|
||||||
file.append:
|
|
||||||
- name: /etc/sudoers
|
|
||||||
- text:
|
|
||||||
- "{{ name }} ALL=(ALL) NOPASSWD: ALL"
|
|
||||||
- require:
|
|
||||||
- file: sudoer-defaults
|
|
||||||
|
|
||||||
|
{% if 'sudouser' in user and user['sudouser'] %}
|
||||||
|
sudoer-{{ name }}:
|
||||||
|
file.managed:
|
||||||
|
- name: /etc/sudoers.d/{{ name }}
|
||||||
|
- user: root
|
||||||
|
- group: root
|
||||||
|
- mode: '0440'
|
||||||
|
/etc/sudoers.d/{{ name }}:
|
||||||
|
file.append:
|
||||||
|
- text:
|
||||||
|
- "{{ name }} ALL=(ALL) NOPASSWD: ALL"
|
||||||
|
- require:
|
||||||
|
- file: sudoer-defaults
|
||||||
|
- file: sudoer-{{ name }}
|
||||||
|
{% else %}
|
||||||
|
/etc/sudoers.d/{{ name }}:
|
||||||
|
file.absent:
|
||||||
|
- name: /etc/sudoers.d/{{ name }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
@ -117,4 +128,7 @@ sudoer-{{ name }}:
|
|||||||
{% for user in pillar.get('absent_users', []) %}
|
{% for user in pillar.get('absent_users', []) %}
|
||||||
{{ user }}:
|
{{ user }}:
|
||||||
user.absent
|
user.absent
|
||||||
|
/etc/sudoers.d/{{ user }}:
|
||||||
|
file.absent:
|
||||||
|
- name: /etc/sudoers.d/{{ user }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
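Review bot: Revocation does not reach hosts where the earlier version of this state already ran: the removed `file.append` wrote `{{ name }} ALL=(ALL) NOPASSWD: ALL` into `/etc/sudoers`, while the new `{% else %}` branch and the `absent_users` loop only delete `/etc/sudoers.d/<user>`, so that line and the passwordless root access it grants would remain after `sudouser` is set to False or the user is removed. A cleanup state for the legacy line is needed in both places; it is shown below for the `{% else %}` branch, and the `absent_users` loop needs the same with `{{ user }}`. Separately, the drop-in is created by `file.managed` and then filled by `file.append`, which leaves any other lines in the file in place and writes without a syntax check; putting the line in `- contents:` on the `file.managed` state together with `- check_cmd: /usr/sbin/visudo -c -f` would make the file authoritative and validated. sudo's `#includedir` also skips file names containing a `.`, so a dotted user name would produce a grant file that is never read. The enclosing `{% for %}` loop over users starts outside the hunk.

```yaml
{% else %}
# … unchanged: file.absent state for the /etc/sudoers.d drop-in …
sudoer-legacy-{{ name }}:
  file.replace:
    - name: /etc/sudoers
    - pattern: '^{{ name }} ALL=\(ALL\) NOPASSWD: ALL\n'
    - repl: ''
```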