mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-08 10:56:03 +02:00
validate the sudoers files before using
This is already done for the 'sudo' role, but we also have a few more sudoers files which currently go in unverified. Signed-off-by: Christian Heusel <christian@heusel.eu>
This commit is contained in:
parent
e7e6308606
commit
f38d013c04
|
@ -132,7 +132,7 @@
|
|||
- { name: SRCDEST, value: /var/lib/archbuilddest/srcdest }
|
||||
|
||||
- name: Install archbuild sudoers config
|
||||
copy: src=sudoers dest=/etc/sudoers.d/archbuild owner=root group=root mode=0440
|
||||
copy: src=sudoers dest=/etc/sudoers.d/archbuild owner=root group=root mode=0440 validate='visudo -cf %s'
|
||||
|
||||
- name: Install gitconfig
|
||||
copy: src=gitconfig dest=/etc/gitconfig owner=root group=root mode=0644
|
||||
|
|
|
@ -283,7 +283,7 @@
|
|||
when: archweb_site
|
||||
|
||||
- name: Install sudoer rights for fetchmail to call archweb django scripts
|
||||
template: src=sudoers-fetchmail-archweb.j2 dest=/etc/sudoers.d/fetchmail-archweb owner=root group=root mode=0440
|
||||
template: src=sudoers-fetchmail-archweb.j2 dest=/etc/sudoers.d/fetchmail-archweb owner=root group=root mode=0440 validate='visudo -cf %s'
|
||||
when: archweb_site
|
||||
|
||||
- name: Create retro dir
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
user: name=sourceballs shell=/sbin/nologin
|
||||
|
||||
- name: Set up sudoers.d for special users
|
||||
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600
|
||||
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600 validate='visudo -cf %s'
|
||||
|
||||
- name: Create ssl cert
|
||||
include_role:
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
tags: ['archusers']
|
||||
|
||||
- name: Install phrik sudoers config
|
||||
copy: src=sudoers dest=/etc/sudoers.d/phrik owner=root group=root mode=0440
|
||||
copy: src=sudoers dest=/etc/sudoers.d/phrik owner=root group=root mode=0440 validate='visudo -cf %s'
|
||||
|
||||
- name: Install polkit rule for restarting phrik
|
||||
copy: src=20-manage-phrik.rules dest=/etc/polkit-1/rules.d/20-manage-phrik.rules owner=root group=root mode=0644
|
||||
|
|
|
@ -181,7 +181,7 @@
|
|||
when: "inventory_hostname == 'gemini.archlinux.org'"
|
||||
|
||||
- name: Install sudoers for btrfs
|
||||
copy: src=sudoers dest=/etc/sudoers.d/node_exporter owner=root group=root mode=0440
|
||||
copy: src=sudoers dest=/etc/sudoers.d/node_exporter owner=root group=root mode=0440 validate='visudo -cf %s'
|
||||
when: filesystem == "btrfs"
|
||||
|
||||
- name: Install btrfs textcollector service
|
||||
|
|
Loading…
Reference in New Issue