Configure the list of users and/or groups that can run sudo commands without a password.
Some automation systems require passwordless sudo in order to function in certain scenarios. Letting any user operate sudo without a password strips an important layer of security from your system, and is not recommended for general use. Make sure you've compensated for the increased risk with additional layers of protection to your system, such as removing default users, blocking ssh access, disabling password logins, password-protecting private ssh keys, etc.
- OS: Debian or Red Hat
- Sudo installed
- Defaults to empty
[]
.
- Defaults to empty
[]
None.
- hosts: servers
gather_facts: true
become: true
vars:
passwordless_sudo_users:
- lskywalker
passwordless_sudo_groups:
- automators
roles:
- name: Configure passwordless sudoers
role: acromedia.passwordless-sudo
GPLv3