Templating sudoers - what could possibly go wrong...

Nigel_Metheringham · October 22, 2012, 4:07pm

It looks very much as though, currently, doing this:-

  - name: Build sudo config file
    action: template src=templates/sudo/sudoers.j2 dest=/etc/sudoers
            owner=root group=root mode=0440

leads to much pain and suffering, because template, uses copy, which
chains file to deal with permissions etc....
And when file runs, sudoers has been put in place with a default
permission (0644 in this case), and sudo then refuses to run because the
permissions are not as it expects

I'm hoping that the performance speedups for 0.9, which move file into
common and reduce the round trips, will have the side effect of fixing
this pain point

Nigel.

Michael_DeHaan · October 22, 2012, 4:35pm

Most people have no problems at all doing templating with sudo set in 0.8.

There's an open ticket though on making copy change attribs prior to the move.

Peter_Sankauskas · October 22, 2012, 6:15pm

Yep, this is the exact issue that
https://github.com/ansible/ansible/issues/1258
is going to resolve.

Nigel_Metheringham · October 22, 2012, 7:05pm

Michael DeHaan wrote:

Most people have no problems at all doing templating with sudo set in 0.8.

Well this was against a vanilla Centos 6 install. I saw the same thing
with 0.7 (problem today was on 0.8 - which I think changed the template
result so that the copy operation was repeated).

Nigel.

Michael_DeHaan · October 22, 2012, 7:12pm

Yeah IIRC generally not an issue except for the linked sudoers example.

Topic		Views
help with templating Ansible Project	2	May 7, 2014
Working with sudoers files Ansible Project	2	September 1, 2013
Enable Passwordless Sudo w/out template Ansible Developer	1	January 13, 2016
Problems with permissions accesing files with sudo Ansible Project	4	July 2, 2014
ansible-playbook --check Ansible Project	7	March 31, 2013

Templating sudoers - what could possibly go wrong...

Related topics