mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
d0b39271b3
* Use visudo to validate sudoers rules before use * Replace use of subprocess.Popen with module.run_command * Switch out apt for package * Check file mode when verifying file to determine whether something needs to change * Only install sudo package for debian and redhat environments (when testing) * Attempt to install sudo on FreeBSD too * Try just installing sudo for non-darwin machines * Don't validate file ownership * Attempt to install sudo on all platforms * Revert "Attempt to install sudo on all platforms" This reverts commitb9562a8916. * Remove file permissions changes from this PR * Add changelog fragment for 4794 sudoers validation * Add option to control when sudoers validation is used * Update changelog fragment Co-authored-by: Felix Fontein <felix@fontein.de> * Add version_added to validation property Co-authored-by: Felix Fontein <felix@fontein.de> * Also validate failed sudoers validation error message Co-authored-by: Felix Fontein <felix@fontein.de> * Make visudo not executable instead of trying to delete it * Update edge case validation * Write invalid sudoers file to alternative path to avoid breaking sudo * Don't try to remove or otherwise modify visudo on Darwin * Update plugins/modules/system/sudoers.py Co-authored-by: Felix Fontein <felix@fontein.de> * Remove trailing extra empty line to appease sanity checker Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit97c72f88b7) Co-authored-by: Jon Ellis <ellis.jp@gmail.com>
2 lines
279 B
YAML
2 lines
279 B
YAML
minor_changes:
|
|
- sudoers - will attempt to validate the proposed sudoers rule using visudo if available, optionally skipped, or required (https://github.com/ansible-collections/community.general/pull/4794, https://github.com/ansible-collections/community.general/issues/4745).
|