fix: add users_pass_min_day and enforce users_global_umask

Robert Kaussow 2022-09-18 13:44:41 +02:00
parent fa786ded90
commit 0c87d61d90
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
4 changed files with 22 additions and 4 deletions


@ -13,7 +13,9 @@ users_default_users: []
users_default_groups: []
users_default_umask: "022"
users_global_umask: "022"
users_pass_min_day: 1
users_global_bash_aliases:
- alias: "ll"
command: "ls -lh"
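Review bot: `users_pass_min_day` has no comment saying what it controls, and its singular name differs from the `PASS_MIN_DAYS` key it feeds in /etc/login.defs; a line such as `# Minimum number of days between password changes (PASS_MIN_DAYS in /etc/login.defs)` above it would help. The profile template on this page now reads `users_global_umask`, so `users_default_umask` looks unreferenced in the visible files. If nothing else uses it, removing or documenting it avoids two umask settings that can drift apart. Both default to "022", which leaves newly created files world-readable; hosts following a hardening baseline usually want "027".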


@ -16,5 +16,21 @@
owner: root
group: root
mode: 0644
- name: Set umask to /etc/login.defs
lineinfile:
path: /etc/login.defs
regexp: '^UMASK(\s+)'
line: 'UMASK\1{{ users_global_umask }}'
backrefs: yes
state: present
- name: Enforcing minimum password lifetime
lineinfile:
path: /etc/login.defs
regexp: '^PASS_MIN_DAYS(\s+)'
line: 'PASS_MIN_DAYS\1{{ users_pass_min_day }}'
backrefs: yes
state: present
become: True
become_user: root
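Review bot: Both `lineinfile` tasks set `backrefs: yes`, so when the regexp matches nothing (for example `UMASK` or `PASS_MIN_DAYS` is commented out or absent in /etc/login.defs) the file is left unchanged, the task reports no failure, and the setting is not enforced. Dropping `backrefs` and anchoring on the key, e.g. `regexp: '^#?\s*PASS_MIN_DAYS\s+'` with `line: 'PASS_MIN_DAYS {{ users_pass_min_day }}'` (and the same for `UMASK`), makes the task replace the line or add it when missing. PASS_MIN_DAYS in login.defs is also only applied to accounts created afterwards; existing accounts keep their current minimum age unless it is set per user (`chage -m`). The enclosing block starts above this hunk.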


@ -1,12 +1,12 @@
---
- block:
- name: Create common groups
- name: Create groups
group:
name: "{{ item }}"
state: present
loop: "{{ users_default_groups }}"
- name: Create common users
- name: Create users
user:
name: "{{ item.name }}"
groups: "{{ item.groups | default([]) | join(',') or omit }}"


@ -1,6 +1,6 @@
#jinja2:lstrip_blocks: True
{{ ansible_managed | comment }}
umask {{ users_default_umask }}
umask {{ users_global_umask }}
# are we an interactive shell?
if [ "$PS1" ]; then