Created
September 21, 2023 15:07
-
-
Save zeitounator/f809e5cb4df7006e50ec10ab82e53499 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ tree | |
. | |
├── su.example | |
└── test.yml | |
0 directories, 2 files | |
$ cat su.example | |
#%PAM-1.0 | |
auth sufficient pam_rootok.so | |
# Uncomment the following line to implicitly trust users in the "wheel" group. | |
#auth sufficient pam_wheel.so trust use_uid | |
# Uncomment the following line to require a user to be in the "wheel" group. | |
#auth required pam_wheel.so use_uid | |
auth substack system-auth | |
auth include postlogin | |
account sufficient pam_succeed_if.so uid = 0 use_uid quiet | |
$ cat test.yml | |
--- | |
- hosts: localhost | |
gather_facts: false | |
tasks: | |
- name: Modify PAM | |
ansible.builtin.lineinfile: | |
path: su.example | |
regexp: '^#auth required pam_wheel.so use_uid' | |
line: 'auth required pam_wheel.so use_uid' | |
backrefs: true | |
backup: true | |
$ ansible-playbook test.yml | |
PLAY [localhost] ******************************************************************************************************************************************************************************************************************* | |
TASK [Modify PAM] ****************************************************************************************************************************************************************************************************************** | |
changed: [localhost] | |
PLAY RECAP ************************************************************************************************************************************************************************************************************************* | |
localhost : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 | |
$ tree | |
. | |
├── su.example | |
├── su.example.441527.2023-09-21@17:06:13~ | |
└── test.yml | |
0 directories, 3 files | |
$ diff su.example.441527.2023-09-21@17\:06\:13~ su.example | |
--- su.example.441527.2023-09-21@17:06:13~ 2023-09-21 16:58:16.914213377 +0200 | |
+++ su.example 2023-09-21 17:06:13.074352732 +0200 | |
@@ -3,7 +3,7 @@ | |
# Uncomment the following line to implicitly trust users in the "wheel" group. | |
#auth sufficient pam_wheel.so trust use_uid | |
# Uncomment the following line to require a user to be in the "wheel" group. | |
-#auth required pam_wheel.so use_uid | |
+auth required pam_wheel.so use_uid | |
auth substack system-auth | |
auth include postlogin | |
account sufficient pam_succeed_if.so uid = 0 use_uid quiet |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment