Documentation
PLEASE NOTE: This document applies to latest version and not to the latest stable release v2.20
Documentation for other releases can be found by using the version selector in the top right of any doc page.sudoers
Manage sudoers configuration entries in /etc/sudoers.d.
Attributes
check_mode:
support: full
Parameters
| Parameter | Required | Type | Values | Description |
|---|---|---|---|---|
| commands | true | Commands the user/group can run. Can be a single command or list. | ||
| name | true | string | Name of the sudoers rule. This becomes the filename in sudoers.d. | |
| nopassword | boolean | Whether to require password for sudo. [default: false] |
||
| setenv | boolean | Allow user to set environment variables with sudo. [default: false] |
||
| state | string | present absent |
Whether the rule should be present or absent. [default: "present"] |
|
| sudoers_path | string | Path to the sudoers.d directory. [default: "/etc/sudoers.d"] |
||
| user | true | string | User or group to grant sudo access. Groups should be prefixed with %. |
Examples
- name: Allow nginx to restart service without password
sudoers:
name: nginx-service
user: nginx
commands:
- /usr/sbin/service nginx restart
- /usr/sbin/service nginx status
nopassword: true
- name: Allow developers group to run docker commands
sudoers:
name: docker-developers
user: "%developers"
commands: /usr/bin/docker
nopassword: true
setenv: true
- name: Allow specific user to run all commands
sudoers:
name: admin-user
user: adminuser
commands: ALL
- name: Remove sudoers rule
sudoers:
name: deprecated-rule
user: olduser
commands: ALL
state: absent
- name: Custom sudoers path
sudoers:
name: custom-rule
user: myuser
commands: /usr/local/bin/myapp
sudoers_path: /etc/sudoers.d