mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-22 12:41:05 +01:00
Optimized security with administrator user
This commit is contained in:
parent
8d4878d299
commit
11deb714b9
@ -85,7 +85,7 @@ root ALL=(ALL) ALL
|
|||||||
# %wheel ALL=(ALL) NOPASSWD: ALL
|
# %wheel ALL=(ALL) NOPASSWD: ALL
|
||||||
|
|
||||||
## Uncomment to allow members of group sudo to execute any command
|
## Uncomment to allow members of group sudo to execute any command
|
||||||
%sudo ALL=(ALL) ALL
|
# %sudo ALL=(ALL) ALL
|
||||||
|
|
||||||
## Uncomment to allow any user to run sudo if they know the password
|
## Uncomment to allow any user to run sudo if they know the password
|
||||||
## of the user they are running the command as (root by default).
|
## of the user they are running the command as (root by default).
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# Role Administrator
|
# Role Administrator
|
||||||
This role creates an standard administrator user.
|
This role creates an standard administrator user.
|
||||||
|
This user needs to type in his password before executing sudo.
|
||||||
For security reasons it's recommended to use this user instead of the standard root user.
|
For security reasons it's recommended to use this user instead of the standard root user.
|
||||||
Please consider the concerns in this article https://unix.stackexchange.com/questions/92123/rsync-all-files-of-remote-machine-over-ssh-without-root-user.
|
|
||||||
|
2
roles/native-user-administrator/files/administrator.conf
Normal file
2
roles/native-user-administrator/files/administrator.conf
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Defaults targetpw
|
||||||
|
administrator ALL=(ALL) ALL
|
@ -14,7 +14,7 @@
|
|||||||
group: administrator
|
group: administrator
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
|
|
||||||
- name: grant administrator sudo rights without password
|
- name: grant administrator sudo rights with password
|
||||||
copy:
|
copy:
|
||||||
content: '%administrator ALL=(ALL) NOPASSWD: ALL'
|
src: "administrator.conf"
|
||||||
dest: /etc/sudoers.d/administrator
|
dest: /etc/sudoers.d/administrator.conf
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- native-ssh
|
- native-ssh
|
||||||
- native-user-alarm
|
- native-user-alarm
|
||||||
|
- native-user-administrator
|
||||||
|
Loading…
Reference in New Issue
Block a user