community.general.sudoers (6.6.8) — module
Manage sudoers files
Added in version 4.3.0 of community.general
Authors: Jon Ellis (@JonEllis) <ellis.jp@gmail.com>
Install with:

ansible-galaxy collection install community.general:==6.6.8

collections:
  - name: community.general
    version: 6.6.8

This module allows for the manipulation of sudoers files.

- name: Allow the backup user to sudo /usr/local/bin/backup
  community.general.sudoers:
    name: allow-backup
    state: present
    user: backup
    commands: /usr/local/bin/backup

- name: Allow the bob user to run any commands as alice with sudo -u alice
  community.general.sudoers:
    name: bob-do-as-alice
    state: present
    user: bob
    runas: alice
    commands: ALL

- name: >-
    Allow the monitoring group to run sudo /usr/local/bin/gather-app-metrics
    without requiring a password on the host called webserver
  community.general.sudoers:
    name: monitor-app
    group: monitoring
    host: webserver
    commands: /usr/local/bin/gather-app-metrics

- name: >-
    Allow the alice user to run sudo /bin/systemctl restart my-service or
    sudo /bin/systemctl reload my-service, but a password is required
  community.general.sudoers:
    name: alice-service
    user: alice
    commands:
      - /bin/systemctl restart my-service
      - /bin/systemctl reload my-service
    nopassword: false

- name: Revoke the previous sudo grants given to the alice user
  community.general.sudoers:
    name: alice-service
    state: absent

- name: Allow alice to sudo /usr/local/bin/upload and keep env variables
  community.general.sudoers:
    name: allow-alice-upload
    user: alice
    commands: /usr/local/bin/upload
    setenv: true

host:
  default: ALL
  description:
    - Specify the host the rule is for.
  type: str
  version_added: 6.2.0
  version_added_collection: community.general

name:
  description:
    - The name of the sudoers rule.
    - This will be used for the filename for the sudoers file managed by this rule.
  required: true
  type: str

user:
  description:
    - The name of the user for the sudoers rule.
    - This option cannot be used in conjunction with I(group).
  type: str

group:
  description:
    - The name of the group for the sudoers rule.
    - This option cannot be used in conjunction with I(user).
  type: str

runas:
  description:
    - Specify the target user the command(s) will run as.
  type: str
  version_added: 4.7.0
  version_added_collection: community.general

state:
  choices:
    - present
    - absent
  default: present
  description:
    - Whether the rule should exist or not.
  type: str

setenv:
  default: false
  description:
    - Whether to allow keeping the environment when command is run with sudo.
  type: bool
  version_added: 6.3.0
  version_added_collection: community.general

commands:
  description:
    - The commands allowed by the sudoers rule.
    - Multiple can be added by passing a list of commands.
    - Use C(ALL) for all commands.
  elements: str
  type: list

nopassword:
  default: true
  description:
    - Whether a password will be required to run the sudo'd command.
  type: bool

validation:
  choices:
    - absent
    - detect
    - required
  default: detect
  description:
    - If C(absent), the sudoers rule will be added without validation.
    - If C(detect) and visudo is available, then the sudoers rule will be validated by visudo.
    - If C(required), visudo must be available to validate the sudoers rule.
  type: str
  version_added: 5.2.0
  version_added_collection: community.general

sudoers_path:
  default: /etc/sudoers.d
  description:
    - The path which sudoers config files will be managed in.
  type: str
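
An added example, not part of the module or its documentation: a small Python review check that applies the defaults listed above to parsed sudoers tasks and flags the broad grants, including the case where nopassword is left at its default of true. The task dictionaries are constructed sample input shaped like the examples on this page, and the function names are hypothetical.

```python
# Defaults copied from the parameter reference on this page.
DEFAULTS = {"state": "present", "nopassword": True,
            "setenv": False, "validation": "detect"}

MODULE = "community.general.sudoers"


def audit_task(task):
    """Return review findings for one sudoers task (a parsed YAML mapping)."""
    params = {**DEFAULTS, **task.get(MODULE, {})}
    if params["state"] == "absent":
        return []  # the rule is being removed, so nothing is granted
    commands = params.get("commands") or []
    if isinstance(commands, str):  # the page's examples use a string or a list
        commands = [commands]
    findings = []
    if "ALL" in commands:
        findings.append("commands ALL: every command is allowed")
    if params["nopassword"]:
        findings.append("nopassword is true (the default): no password prompt")
    if params["setenv"]:
        findings.append("setenv is true: the environment may be kept")
    if params["validation"] == "absent":
        findings.append("validation absent: rule is written without visudo check")
    if params.get("user") and params.get("group"):
        findings.append("user and group cannot be combined")
    return findings


# Constructed sample input: tasks shaped like the examples on this page.
TASKS = [
    {"name": "backup", MODULE: {"name": "allow-backup", "user": "backup",
                                "commands": "/usr/local/bin/backup"}},
    {"name": "bob as alice", MODULE: {"name": "bob-do-as-alice", "user": "bob",
                                      "runas": "alice", "commands": "ALL"}},
    {"name": "alice service", MODULE: {
        "name": "alice-service", "user": "alice", "nopassword": False,
        "commands": ["/bin/systemctl restart my-service",
                     "/bin/systemctl reload my-service"]}},
    {"name": "upload", MODULE: {"name": "allow-alice-upload", "user": "alice",
                                "commands": "/usr/local/bin/upload",
                                "setenv": True, "validation": "absent"}},
]


def audit_all(tasks):
    """Map each rule name to its findings, skipping rules with none."""
    report = {t[MODULE]["name"]: audit_task(t) for t in tasks}
    return {name: found for name, found in report.items() if found}
```

Only the alice-service rule, which sets nopassword: false on a fixed command list, passes without findings.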