Last Updated: February 25, 2016
·
2.506K
· jpmens

Distribute sudoers file safely

When templating a sudoers file onto machines, I (now) make sure the file is only installed to its final location if visudo has checked it.

I do something like this in my playbook:

- action: template src=sudoers.in dest=/etc/sudoers.tmp
- action: shell visudo -q -c -f /etc/sudoers.tmp && cp /etc/sudoers.tmp /etc/sudoers

1 Response
Add your response

in 1.2 you can use:

- action: templates src=sudoers.in dest=/etc/sudoers validate="visudo %s"

let there be cake anyways!

over 1 year ago ·