lineinfile is evil

2018-05-27 00:46:56 +00:00 · 2018-05-27 00:46:56 +00:00 · 07709f793b
commit 07709f793b
parent 270b6f92a3
2 changed files with 16 additions and 2 deletions
--- a/files/common/mock
+++ b/files/common/mock
@ -0,0 +1,15 @@
+%PAM-1.0
+auth            sufficient      pam_rootok.so
+auth            sufficient      pam_succeed_if.so user ingroup mock use_uid quiet
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth           sufficient      pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth           required        pam_wheel.so use_uid
+auth            include         system-auth
+account         sufficient      pam_succeed_if.so user ingroup mock use_uid quiet
+account         include         system-auth
+password        include         system-auth
+session         include         system-auth
+account sufficient pam_succeed_if.so user ingroup packager use_uid quiet
+auth sufficient pam_succeed_if.so user ingroup packager use_uid quiet
+session         optional        pam_xauth.so
--- a/playbooks/groups/maintainer-test.yml
+++ b/playbooks/groups/maintainer-test.yml
@ -61,8 +61,7 @@
    - packages

  - name: allow packagers to use mock
-    lineinfile: dest=/etc/pam.d/mock line="{{ item }} sufficient pam_succeed_if.so user ingroup packager use_uid quiet" insertbefore=BOF
-    when: ansible_distribution_major_version|int > 23
+    copy: dest=/etc/pam.d/mock src="{{ files }}/common/mock
    with_items:
    - account
    - auth