Feat(roles/sudo): Disable `.sudo_as_admin_successful`

author Oleg Broytman <phd@phdru.name>

Mon, 4 Dec 2023 01:29:26 +0000 (04:29 +0300)

committer Oleg Broytman <phd@phdru.name>

Mon, 4 Dec 2023 01:29:26 +0000 (04:29 +0300)
author Oleg Broytman <phd@phdru.name>
Mon, 4 Dec 2023 01:29:26 +0000 (04:29 +0300)
committer Oleg Broytman <phd@phdru.name>
Mon, 4 Dec 2023 01:29:26 +0000 (04:29 +0300)
diff --git a/playbooks/roles/sudo/tasks/main.yaml b/playbooks/roles/sudo/tasks/main.yaml

index 0c8770706194b309ca7edc60dfd915b2af849898..ee444a5a8d625e6d70e0390cb66a50013db74eee 100644 (file)
--- a/playbooks/roles/sudo/tasks/main.yaml
+++ b/playbooks/roles/sudo/tasks/main.yaml
@@ -19,7 +19,9 @@
  - name: Allow passwordless operations for phd
    become: true
    copy:
-    content: 'phd      ALL=(ALL:ALL) NOPASSWD: ALL'
+    content: |
+      Defaults !admin_flag
+      phd      ALL=(ALL:ALL) NOPASSWD: ALL
      dest: /etc/sudoers.d/phd
      owner: root
      group: "{% if ansible_facts.os_family == 'Debian' %}sudo{% elif ansible_facts.os_family == 'RedHat' %}root{% endif %}"
author	Oleg Broytman <phd@phdru.name>
	Mon, 4 Dec 2023 01:29:26 +0000 (04:29 +0300)
committer	Oleg Broytman <phd@phdru.name>
	Mon, 4 Dec 2023 01:29:26 +0000 (04:29 +0300)