Chapter 28. Using the sudo system role


As an administrator, you can consistently configure the /etc/sudoers files on multiple systems by using the sudo RHEL system role.

28.1. Applying custom sudoers configuration by using RHEL system roles

You can use the sudo RHEL system role to apply custom sudoers configuration on your managed nodes. That way, you can define which users can run which commands on which hosts, with better configuration efficiency and more granular control.

Prerequisites

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content:

    ---
    - name: "Configure sudo"
      hosts: managed-node-01.example.com
      tasks:
        - name: "Apply custom /etc/sudoers configuration"
          ansible.builtin.include_role:
            name: rhel-system-roles.sudo
          vars:
            sudo_sudoers_files:
              - path: "/etc/sudoers"
                user_specifications:
                  - users:
                      - <user_name>
                    hosts:
                      - <host_name>
                    commands:
                      - <path_to_command_binary>

    The settings specified in the playbook include the following:

    users
    The list of users that the rule applies to.
    hosts
    The list of hosts that the rule applies to. You can use ALL for all hosts.
    commands

    The list of commands that the rule applies to. You can use ALL for all commands.

    For details about all variables used in the playbook, see the /usr/share/ansible/roles/rhel-system-roles.sudo/README.md file on the control node.

  2. Validate the playbook syntax:

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook:

    $ ansible-playbook ~/playbook.yml

Verification

  1. On the managed node, verify that the playbook applied the new rules.

    # cat /etc/sudoers | tail -n1
    <user_name> <host_name>= <path_to_command_binary>

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.sudo/README.md file
  • /usr/share/doc/rhel-system-roles.sudo/sudo/ directory
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.