community.general.sudoers module – Manage sudoers files

Note

This module is part of the community.general collection (version 9.4.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.sudoers.

New in community.general 4.3.0

Synopsis

  • This module allows for the manipulation of sudoers files.

Parameters

Parameter

Comments

commands

list / elements=string

The commands allowed by the sudoers rule.

Multiple can be added by passing a list of commands.

Use ALL for all commands. Because nopassword defaults to true, a rule with commands: ALL grants passwordless sudo for every command unless nopassword: false is also set.

group

string

The name of the group for the sudoers rule.

This option cannot be used in conjunction with user.

host

string

added in community.general 6.2.0

Specify the host the rule is for.

Default: "ALL"

name

string / required

The name of the sudoers rule.

This is used as the filename of the sudoers file managed by this rule, created under sudoers_path. sudo skips files in an included directory whose names contain a . or end with ~, so a name such as allow-backup.conf would be written but never take effect.

noexec

boolean

added in community.general 8.4.0

Whether the command is prevented from running further commands itself (the sudoers NOEXEC tag). Useful for programs with shell escapes, such as pagers and editors.

Choices:

  • false ← (default)

  • true

nopassword

boolean

Whether the command may be run without entering a password (the sudoers NOPASSWD tag). Note that the default is true; set nopassword: false to require the invoking user's password.

Choices:

  • false

  • true ← (default)

runas

string

added in community.general 4.7.0

Specify the target user the command(s) will run as. When unset, sudo's runas_default applies, which is root unless changed in sudoers.

setenv

boolean

added in community.general 6.3.0

Whether to allow the invoking user to keep or set environment variables when running the command with sudo (the SETENV tag, which permits sudo -E and VAR=value on the command line). Environment variables can alter a command's behaviour, so enable this only for commands that handle an untrusted environment safely.

Choices:

  • false ← (default)

  • true

state

string

Whether the rule should exist or not.

Choices:

  • "present" ← (default)

  • "absent"

sudoers_path

string

The directory in which the sudoers config files are managed.

Default: "/etc/sudoers.d"

user

string

The name of the user for the sudoers rule.

This option cannot be used in conjunction with group.

validation

string

added in community.general 5.2.0

If absent, the sudoers rule is written without validation. Avoid this where possible: a syntax error in any file under the included directory makes sudo refuse every command on the host until the file is fixed.

If detect and visudo is available, the sudoers rule is validated by visudo; if visudo is not found, the rule is written unvalidated.

If required, visudo must be available to validate the sudoers rule, and the task fails if it is not.

Choices:

  • "absent"

  • "detect" ← (default)

  • "required"
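
To make the parameter semantics above concrete, the following is an added Python example, not the module's source code. It renders the sudoers line that a set of parameters describes (with the defaults documented here: host ALL, nopassword true), checks that name is a filename sudo will actually read, and mirrors the three validation modes by running visudo -cf on a temporary copy when visudo is present. The function names and the order of the tags in the rendered line are this example's own choices; sudo accepts the tags in any order.

```python
"""Added example: render, name-check and visudo-validate a sudoers.d drop-in.

Illustrative code, not the community.general.sudoers module source. It follows
the parameter meanings documented on this page (nopassword defaults to true,
host defaults to ALL) but its tag order and function names are its own.
"""
import shutil
import subprocess
import tempfile
from typing import List, Optional, Union

VALIDATION_MODES = ("absent", "detect", "required")


def sudoers_d_filename_problem(name: str) -> Optional[str]:
    """Return why sudo would ignore a drop-in with this name, or None if fine.

    sudo's includedir handling skips files whose names contain '.' or end
    with '~' (editor backups, package leftovers), so such a rule is written
    but never takes effect. The name must also be a single path component.
    """
    if not name or "/" in name:
        return "name must be a single path component"
    if "." in name:
        return "names containing '.' are ignored by sudo"
    if name.endswith("~"):
        return "names ending in '~' are ignored by sudo"
    return None


def render_sudoers_rule(commands: Union[str, List[str]], user: Optional[str] = None,
                        group: Optional[str] = None, host: str = "ALL",
                        runas: Optional[str] = None, nopassword: bool = True,
                        noexec: bool = False, setenv: bool = False) -> str:
    """Build one sudoers user specification from module-style parameters."""
    if bool(user) == bool(group):
        raise ValueError("exactly one of user or group must be given")
    owner = user if user else "%" + str(group)     # groups are prefixed with %
    if isinstance(commands, str):
        commands = [commands]
    parts = []
    if runas:
        parts.append(f"({runas})")                 # runas spec, e.g. (alice)
    if nopassword:
        parts.append("NOPASSWD:")                  # default: no password asked
    if noexec:
        parts.append("NOEXEC:")                    # block shell escapes
    if setenv:
        parts.append("SETENV:")                    # allow sudo -E / VAR=value
    parts.append(", ".join(commands))
    return f"{owner} {host}=" + " ".join(parts) + "\n"


def validate_with_visudo(content: str, validation: str = "detect") -> str:
    """Apply the validation parameter's semantics to a rendered rule.

    Returns 'skipped' (absent, or detect without visudo) or 'ok'. Raises
    RuntimeError if validation is required but visudo is missing, and
    ValueError if visudo rejects the syntax, so a broken file is never written
    (a parse error in any sudoers.d file makes sudo refuse every command).
    """
    if validation not in VALIDATION_MODES:
        raise ValueError(f"validation must be one of {VALIDATION_MODES}")
    if validation == "absent":
        return "skipped"
    visudo = shutil.which("visudo")
    if visudo is None:
        if validation == "required":
            raise RuntimeError("validation=required but visudo is not installed")
        return "skipped"
    # -c checks syntax only; -f points visudo at our copy instead of /etc/sudoers.
    with tempfile.NamedTemporaryFile("w") as tmp:
        tmp.write(content)
        tmp.flush()
        proc = subprocess.run([visudo, "-cf", tmp.name], capture_output=True, text=True)
    if proc.returncode != 0:
        raise ValueError(f"visudo rejected the rule:\n{proc.stdout}{proc.stderr}")
    return "ok"


if __name__ == "__main__":
    # The page's first example, plus a name that sudo would silently skip.
    for name in ("allow-backup", "allow-backup.conf"):
        print(f"{name}: {sudoers_d_filename_problem(name) or 'ok'}")
    rule = render_sudoers_rule("/usr/local/bin/backup", user="backup")
    print(rule, end="")
    print("validation:", validate_with_visudo(rule, "detect"))
```

Running it on a host with visudo prints `backup ALL=NOPASSWD: /usr/local/bin/backup` followed by `validation: ok`; on a host without visudo the detect mode reports `skipped`, which is exactly the case where a typo in a command path would otherwise reach /etc/sudoers.d unchecked.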

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Allow the backup user to sudo /usr/local/bin/backup
  community.general.sudoers:
    name: allow-backup
    state: present
    user: backup
    commands: /usr/local/bin/backup

- name: Allow the bob user to run any commands as alice with sudo -u alice
  community.general.sudoers:
    name: bob-do-as-alice
    state: present
    user: bob
    runas: alice
    commands: ALL

- name: >-
    Allow the monitoring group to run sudo /usr/local/bin/gather-app-metrics
    without requiring a password on the host called webserver
  community.general.sudoers:
    name: monitor-app
    group: monitoring
    host: webserver
    commands: /usr/local/bin/gather-app-metrics

- name: >-
    Allow the alice user to run sudo /bin/systemctl restart my-service or
    sudo /bin/systemctl reload my-service, but a password is required
  community.general.sudoers:
    name: alice-service
    user: alice
    commands:
      - /bin/systemctl restart my-service
      - /bin/systemctl reload my-service
    nopassword: false

- name: Revoke the previous sudo grants given to the alice user
  community.general.sudoers:
    name: alice-service
    state: absent

- name: Allow alice to sudo /usr/local/bin/upload and keep env variables
  community.general.sudoers:
    name: allow-alice-upload
    user: alice
    commands: /usr/local/bin/upload
    setenv: true

- name: >-
    Allow alice to sudo /usr/bin/less but prevent less from
    running further commands itself
  community.general.sudoers:
    name: allow-alice-restricted-less
    user: alice
    commands: /usr/bin/less
    noexec: true
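
The examples above each grant something different, and the defaults (nopassword true, host ALL) decide how much. The following added Python example, not part of community.general, audits a sudoers.d directory for the grants that deserve a second look: passwordless ALL, SETENV, programs with shell escapes granted without NOEXEC, wildcards in arguments, and file names sudo ignores. The sample directory is constructed: six entries are the lines the playbook examples on this page produce, and the two entries ops-less and deploy.conf are added to trigger findings. The list of shell-escape-capable programs is a small illustrative starting point, not an exhaustive one.

```python
"""Added example: audit the grants a sudoers.d directory actually makes.

Illustrative code, not part of community.general. SAMPLE_SUDOERS_D is
constructed: six entries are the rules the playbook examples on this page
produce; 'ops-less' and 'deploy.conf' are invented to show the findings.
"""
import os
import re
from typing import Dict, List, Tuple

# Illustrative list of programs that can run commands unless NOEXEC is set.
SHELL_ESCAPE_PROGRAMS = {"less", "more", "man", "vi", "vim", "view", "find", "awk"}

RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"   # user or %group, then host
    r"(?:\((?P<runas>[^)]*)\)\s*)?"              # optional (runas) spec
    r"(?P<tags>(?:[A-Z]+:\s*)*)"                 # NOPASSWD: SETENV: NOEXEC: ...
    r"(?P<cmds>.+?)\s*$"                         # comma-separated commands
)

SAMPLE_SUDOERS_D: Dict[str, str] = {
    "allow-backup": "backup ALL=NOPASSWD: /usr/local/bin/backup\n",
    "bob-do-as-alice": "bob ALL=(alice) NOPASSWD: ALL\n",
    "monitor-app": "%monitoring webserver=NOPASSWD: /usr/local/bin/gather-app-metrics\n",
    "alice-service": "alice ALL=/bin/systemctl restart my-service, /bin/systemctl reload my-service\n",
    "allow-alice-upload": "alice ALL=NOPASSWD: SETENV: /usr/local/bin/upload\n",
    "allow-alice-restricted-less": "alice ALL=NOPASSWD: NOEXEC: /usr/bin/less\n",
    # constructed: a pager without NOEXEC plus a wildcard, and a name sudo skips
    "ops-less": "ops ALL=NOPASSWD: /usr/bin/less /var/log/*\n",
    "deploy.conf": "deploy ALL=NOPASSWD: ALL\n",
}


def audit_rule(line: str) -> List[str]:
    """Return the findings for one user specification line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return []
    tags = set(re.findall(r"[A-Z]+", m.group("tags")))
    commands = [c.strip() for c in m.group("cmds").split(",")]
    runas = m.group("runas") or "root"           # sudo's runas_default is root
    findings = []
    if "NOPASSWD" in tags and "ALL" in commands:
        findings.append(f"passwordless ALL: any command as {runas} with no authentication")
    if "SETENV" in tags:
        findings.append("SETENV: the caller controls the privileged command's environment")
    for cmd in commands:
        if cmd == "ALL":
            continue
        argv = cmd.split()
        if os.path.basename(argv[0]) in SHELL_ESCAPE_PROGRAMS and "NOEXEC" not in tags:
            findings.append(f"{argv[0]} can spawn a shell; consider noexec: true")
        if any("*" in arg for arg in argv[1:]):
            findings.append(f"wildcard in arguments of {cmd}: sudoers globs also match spaces")
    return findings


def audit_sudoers_dir(files: Dict[str, str]) -> List[Tuple[str, str]]:
    """Audit a {filename: content} mapping; returns (filename, finding) pairs."""
    results = []
    for fname in sorted(files):
        if "." in fname or fname.endswith("~"):
            results.append((fname, "sudo ignores this file name; the rule is inactive"))
        for line in files[fname].splitlines():
            line = line.strip()
            if not line or line.startswith("#") or line.startswith("Defaults"):
                continue                         # comments and Defaults lines
            if "_Alias" in line.split(None, 1)[0]:
                continue                         # User_Alias, Cmnd_Alias, ...
            for finding in audit_rule(line):
                results.append((fname, finding))
    return results


def load_sudoers_dir(path: str = "/etc/sudoers.d") -> Dict[str, str]:
    """Read a real directory into the shape audit_sudoers_dir expects (needs root)."""
    out = {}
    for fname in os.listdir(path):
        with open(os.path.join(path, fname), encoding="utf-8", errors="replace") as fh:
            out[fname] = fh.read()
    return out


if __name__ == "__main__":
    import sys
    data = load_sudoers_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_SUDOERS_D
    for fname, finding in audit_sudoers_dir(data):
        print(f"{fname}: {finding}")
```

On the sample data the single-command grants (allow-backup, monitor-app, alice-service, allow-alice-restricted-less) produce no findings, bob-do-as-alice is flagged for passwordless ALL, allow-alice-upload for SETENV, and the two constructed entries for the pager without noexec, the wildcard, and the ignored file name. The parser handles one rule per line; continuation lines and aliases are skipped rather than resolved, so treat the output as a triage list, not a complete policy evaluation.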

Authors

  • Jon Ellis (@JonEllis)