robertdebock / ansible-role-users

The purpose of this role is to add users and groups on your system.
https://robertdebock.nl/
Apache License 2.0

Confirm/fix sudoers syntax #40

Closed jkirk closed 2 months ago

jkirk commented 3 months ago

I just reviewed the configuration and found this line:

https://github.com/robertdebock/ansible-role-users/blob/0775839ddef908c0bb66006761ec978e50547907/templates/sudo_group.j2#L4

According to the sudoers(5) man page, a group is prefixed with a single '%' (see the section Aliases > User ::=).

Is that a typo or am I reading it wrong or does it mean something else?

I tried something like this:

  roles:
    - role: robertdebock.users
      users_groups:
        - name: mygroup
          sudo_options: ["ALL=NOPASSWD: ALL"]
      users:
        - name: 'myuser'
          group: mygroup

Which creates this /etc/sudoers.d/mygroup:

#
# HEADER: managed by ansible, do NOT edit manually!
#
%%mygroup ALL=NOPASSWD: ALL

I don't think this is correct, or?

FTR, I worked around this by using this line:

          sudo_options: "%mygroup ALL=NOPASSWD: ALL"

robertdebock commented 2 months ago

You are correct, I'm not sure where the double % came from, let me change it to a single one.
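
Added example, not part of the thread above and not the role's own code: a lint pass over a rendered sudoers drop-in that checks each rule's principal against the forms listed under "User ::=" in sudoers(5) and reports anything else, such as the doubled `%` shown in the issue. The function names (`classify`, `principals`, `lint`) are hypothetical and the sample file is constructed from the issue text.

```python
import re

# Constructed sample: the drop-in quoted in the issue, plus a corrected rule.
SAMPLE = """\
#
# HEADER: managed by ansible, do NOT edit manually!
#
%%mygroup ALL=NOPASSWD: ALL
%mygroup ALL=NOPASSWD: ALL
"""

# Principal forms listed under "User ::=" in sudoers(5), most specific first.
FORMS = [
    ("nonunix_gid", re.compile(r"%:#\d+")),
    ("nonunix_group", re.compile(r"%:[^%#:+].*")),
    ("gid", re.compile(r"%#\d+")),
    ("group", re.compile(r"%[^%#:+].*")),
    ("netgroup", re.compile(r"\+[^%#:+].*")),
    ("uid", re.compile(r"#\d+")),
    ("user_or_alias", re.compile(r"[^%#:+].*")),
]
# Lines that are not user specifications.
SKIP = re.compile(r"(Defaults|(User|Runas|Host|Cmnd)_Alias\s|@include(dir)?\s)")

def classify(principal):
    """Return the form a principal matches, or "unexpected" (e.g. a doubled %)."""
    for kind, rx in FORMS:
        if rx.fullmatch(principal):
            return kind
    return "unexpected"

def principals(line):
    """Leading User_List of a rule (simplified: no quoted names or continuations)."""
    out = []
    for tok in line.split():
        out.extend(p.lstrip("!") for p in tok.split(",") if p)
        if not tok.endswith(","):
            break
    return out

def lint(text):
    """Return (line_number, principal) for each principal with an unexpected prefix."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or SKIP.match(line) or (line[0] == "#" and not re.match(r"#\d+\s", line)):
            continue  # blank, directive, or comment (a "#uid" rule is kept)
        findings += [(n, p) for p in principals(line) if classify(p) == "unexpected"]
    return findings
```

A check like this complements `visudo -c -f <file>`, which verifies sudoers syntax but does not tell you whether the named group is the one you intended.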