Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

ipa/client: Disable password-less sudo task

Browse source 
Signed-off-by: Nils Philippsen <nils@redhat.com>
This commit is contained in:
Nils Philippsen 2021-01-22 17:39:28 +01:00
parent a64e758ccf
commit 705b35530e
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
roles/ipa/client/tasks/sudo.yml
View file

@ -29,6 +29,7 @@
runasgroupcategory: "all"
when: ipa_client_sudo_groups is defined and ipa_client_sudo_groups | length > 0
## Disabled: Remove "False and" from when: to re-enable
- name: "Give certain groups password-less sudo access to anything on host group {{ ipa_host_group }}"
ipasudorule:
name: "hostgroup/{{ ipa_host_group }}/nopasswd"
@ -41,4 +42,4 @@
runasusercategory: "all"
runasgroupcategory: "all"
options: "!authenticate"
when: ipa_client_sudo_groups_nopasswd is defined and ipa_client_sudo_groups_nopasswd | length > 0
when: False and ipa_client_sudo_groups_nopasswd is defined and ipa_client_sudo_groups_nopasswd | length > 0