For one of my learning projects I needed have passwordless sudo access for a user and group (my sys-admin brain goes "urg urg!").
- sudo access to a group which does not have sudo power
- sudo access to a user who does not have a sudo power, not a part of any of the sudoers group (ex: wheel)
Here is an example of the ansible-playbook which gives password less sudo access to a group.
---
- name: Using the copy module
hosts: all
become: yes
tasks:
- name: Create devops group
group:
name: devops
state: present
- name: Create devops user
user:
name: devops
group: devops
- name: Give sudo access to devops user
blockinfile:
path: /etc/sudoers
insertafter: 'root ALL=(ALL) ALL'
block: |
# Gives sudo access to the devops group
%devops ALL=(ALL) NOPASSWD: ALL
Created the devops user, a member of devops group. With the following task gave the sudo access to the devops group. Added devops group in the `/etc/sudoers’ file.
This passwordless sudo access might be good and necessary for labs to practice & learn. But is not advicable at any point of time to perform the same for any network connected system.