Optimized security with administrator user

Kevin Veen-Birkenbach 2020-12-31 17:01:47 +01:00
parent 8d4878d299
commit 11deb714b9
5 changed files with 8 additions and 5 deletions

@ -85,7 +85,7 @@ root ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
%sudo ALL=(ALL) ALL
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
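
Review bot: Commenting out `%sudo ALL=(ALL) ALL` here removes sudo for every existing member of group sudo, so after this change the only non-root path to sudo is the `administrator` rule shipped in the new drop-in file. Before merging, confirm that no host relies on sudo group membership and that the drop-in is actually read by sudo, otherwise a host that is managed through a non-root account loses privileged access.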

@ -1,4 +1,4 @@
# Role Administrator
This role creates an standard administrator user.
This user needs to type in his password before executing sudo.
For security reasons it's recommended to use this user instead of the standard root user.
Please consider the concerns in this article https://unix.stackexchange.com/questions/92123/rsync-all-files-of-remote-machine-over-ssh-without-root-user.
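
Review bot: The README sentence "This user needs to type in his password before executing sudo" does not match the `Defaults targetpw` line added in this commit: with targetpw, sudo asks for the password of the target user (root by default), not the administrator's own. Reword the sentence to say which password is expected, and fix "an standard" to "a standard" while this file is being touched.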

@ -0,0 +1,2 @@
Defaults targetpw
administrator ALL=(ALL) ALL
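
Review bot: `Defaults targetpw` on the first line is not scoped, so once this file is read it changes the password prompt for every sudoers entry on the host, not only for administrator. If only this account is meant, write it as `Defaults:administrator targetpw`. targetpw also requires root to have a usable password, and the rule now names the user `administrator` where the task previously granted the group `%administrator`; the commit message should say whether that narrowing is intended.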

@ -14,7 +14,7 @@
group: administrator
mode: '0644'
- name: grant administrator sudo rights without password
- name: grant administrator sudo rights with password
copy:
content: '%administrator ALL=(ALL) NOPASSWD: ALL'
dest: /etc/sudoers.d/administrator
src: "administrator.conf"
dest: /etc/sudoers.d/administrator.conf
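
Review bot: The new `dest: /etc/sudoers.d/administrator.conf` contains a dot, and sudo skips files in /etc/sudoers.d whose names contain a `.` or end in `~`, so this rule would never be loaded, while the old NOPASSWD file at `/etc/sudoers.d/administrator` stays in place on hosts that already have it. Keep the destination as `/etc/sudoers.d/administrator`, which also overwrites the old file, and add `mode: '0440'` and `validate: 'visudo -cf %s'` to the copy task so that a syntax error cannot break sudo.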

@ -1,3 +1,4 @@
dependencies:
- native-ssh
- native-user-alarm
- native-user-administrator