kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized security with administrator user

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2020-12-31 17:01:47 +01:00
parent 8d4878d299
commit 11deb714b9
5 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/native-user-administrator/Readme.md
View File

@@ -1,4 +1,4 @@
# Role Administrator
This role creates an standard administrator user.
This user needs to type in his password before executing sudo.
For security reasons it's recommended to use this user instead of the standard root user.
Please consider the concerns in this article https://unix.stackexchange.com/questions/92123/rsync-all-files-of-remote-machine-over-ssh-without-root-user.

2
roles/native-user-administrator/files/administrator.conf Normal file
View File

@@ -0,0 +1,2 @@
Defaults targetpw
administrator ALL=(ALL) ALL

6
roles/native-user-administrator/tasks/main.yml
View File

@@ -14,7 +14,7 @@
group: administrator
mode: '0644'
- name: grant administrator sudo rights without password
- name: grant administrator sudo rights with password
copy:
content: '%administrator ALL=(ALL) NOPASSWD: ALL'
dest: /etc/sudoers.d/administrator
src: "administrator.conf"
dest: /etc/sudoers.d/administrator.conf