mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-12-23 02:45:02 +01:00
Optimized security with administrator user
This commit is contained in:
parent
8d4878d299
commit
11deb714b9
@ -85,7 +85,7 @@ root ALL=(ALL) ALL
|
||||
# %wheel ALL=(ALL) NOPASSWD: ALL
|
||||
|
||||
## Uncomment to allow members of group sudo to execute any command
|
||||
%sudo ALL=(ALL) ALL
|
||||
# %sudo ALL=(ALL) ALL
|
||||
|
||||
## Uncomment to allow any user to run sudo if they know the password
|
||||
## of the user they are running the command as (root by default).
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Role Administrator
|
||||
This role creates an standard administrator user.
|
||||
This user needs to type in his password before executing sudo.
|
||||
For security reasons it's recommended to use this user instead of the standard root user.
|
||||
Please consider the concerns in this article https://unix.stackexchange.com/questions/92123/rsync-all-files-of-remote-machine-over-ssh-without-root-user.
|
||||
|
2
roles/native-user-administrator/files/administrator.conf
Normal file
2
roles/native-user-administrator/files/administrator.conf
Normal file
@ -0,0 +1,2 @@
|
||||
Defaults targetpw
|
||||
administrator ALL=(ALL) ALL
|
@ -14,7 +14,7 @@
|
||||
group: administrator
|
||||
mode: '0644'
|
||||
|
||||
- name: grant administrator sudo rights without password
|
||||
- name: grant administrator sudo rights with password
|
||||
copy:
|
||||
content: '%administrator ALL=(ALL) NOPASSWD: ALL'
|
||||
dest: /etc/sudoers.d/administrator
|
||||
src: "administrator.conf"
|
||||
dest: /etc/sudoers.d/administrator.conf
|
||||
|
@ -1,3 +1,4 @@
|
||||
dependencies:
|
||||
- native-ssh
|
||||
- native-user-alarm
|
||||
- native-user-administrator
|
||||
|
Loading…
Reference in New Issue
Block a user