Distribute sudoers file safely
When templating a sudoers file onto machines, I (now) make sure the file is only installed to its final location if visudo has checked it.
I do something like this in my playbook:
- action: template src=sudoers.in dest=/etc/sudoers.tmp
- action: shell visudo -q -c -f /etc/sudoers.tmp && cp /etc/sudoers.tmp /etc/sudoers
Written by JP Mens
Related protips
1 Response
in 1.2 you can use:
- action: templates src=sudoers.in dest=/etc/sudoers validate="visudo %s"
let there be cake anyways!
over 1 year ago
·
Have a fresh tip? Share with Coderwall community!
Post
Post a tip
Best
#Ansible
Authors
Misha Behersky
78.97K
tartansandal
73.31K
Related Tags
#ansible
Sponsored by #native_company# — Learn More
#native_title#
#native_desc#