community.general.sudoers module – Manage sudoers files
Note
This module is part of the community.general collection (version 10.0.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.sudoers
.
New in community.general 4.3.0
Synopsis
This module allows for the manipulation of sudoers files.
Parameters
Parameter |
Comments |
---|---|
The commands allowed by the sudoers rule. Multiple can be added by passing a list of commands. Use |
|
The name of the group for the sudoers rule. This option cannot be used in conjunction with |
|
Specify the host the rule is for. Default: |
|
The name of the sudoers rule. This will be used for the filename for the sudoers file managed by this rule. |
|
Whether a command is prevented to run further commands itself. Choices:
|
|
Whether a password will be required to run the sudo’d command. Choices:
|
|
Specify the target user the command(s) will run as. |
|
Whether to allow keeping the environment when command is run with sudo. Choices:
|
|
Whether the rule should exist or not. Choices:
|
|
The path which sudoers config files will be managed in. Default: |
|
The name of the user for the sudoers rule. This option cannot be used in conjunction with |
|
If If If Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Allow the backup user to sudo /usr/local/bin/backup
community.general.sudoers:
name: allow-backup
state: present
user: backup
commands: /usr/local/bin/backup
- name: Allow the bob user to run any commands as alice with sudo -u alice
community.general.sudoers:
name: bob-do-as-alice
state: present
user: bob
runas: alice
commands: ALL
- name: >-
Allow the monitoring group to run sudo /usr/local/bin/gather-app-metrics
without requiring a password on the host called webserver
community.general.sudoers:
name: monitor-app
group: monitoring
host: webserver
commands: /usr/local/bin/gather-app-metrics
- name: >-
Allow the alice user to run sudo /bin/systemctl restart my-service or
sudo /bin/systemctl reload my-service, but a password is required
community.general.sudoers:
name: alice-service
user: alice
commands:
- /bin/systemctl restart my-service
- /bin/systemctl reload my-service
nopassword: false
- name: Revoke the previous sudo grants given to the alice user
community.general.sudoers:
name: alice-service
state: absent
- name: Allow alice to sudo /usr/local/bin/upload and keep env variables
community.general.sudoers:
name: allow-alice-upload
user: alice
commands: /usr/local/bin/upload
setenv: true
- name: >-
Allow alice to sudo /usr/bin/less but prevent less from
running further commands itself
community.general.sudoers:
name: allow-alice-restricted-less
user: alice
commands: /usr/bin/less
noexec: true