lineinfile is evil

files/common/mock

@@ -0,0 +1,15 @@
+%PAM-1.0
+auth            sufficient      pam_rootok.so
+auth            sufficient      pam_succeed_if.so user ingroup mock use_uid quiet
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth           sufficient      pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth           required        pam_wheel.so use_uid
+auth            include         system-auth
+account         sufficient      pam_succeed_if.so user ingroup mock use_uid quiet
+account         include         system-auth
+password        include         system-auth
+session         include         system-auth
+account sufficient pam_succeed_if.so user ingroup packager use_uid quiet
+auth sufficient pam_succeed_if.so user ingroup packager use_uid quiet
+session         optional        pam_xauth.so

playbooks/groups/maintainer-test.yml

@@ -61,8 +61,7 @@
     - packages
 
   - name: allow packagers to use mock
-    lineinfile: dest=/etc/pam.d/mock line="{{ item }} sufficient pam_succeed_if.so user ingroup packager use_uid quiet" insertbefore=BOF
+    copy: dest=/etc/pam.d/mock src="{{ files }}/common/mock
-    when: ansible_distribution_major_version|int > 23
     with_items:
     - account
     - auth