Use pam_env for su commands on Centos-9
See https://access.redhat.com/errata/RHBA-2022:4082 Change-Id: Ibe4ab810ba48c9735af187d39fc34a7451c12d8a
This commit is contained in:
parent
ff61081089
commit
cf358f169d
|
@ -52,13 +52,21 @@
|
||||||
tags:
|
tags:
|
||||||
- openstack_hosts-config
|
- openstack_hosts-config
|
||||||
|
|
||||||
- name: Ensure environement is applied during sudo
|
# NOTE(jrosser) Remove this task when https://access.redhat.com/errata/RHBA-2022:4082
|
||||||
lineinfile:
|
# has a fix merged to Centos-9 as well as RHEL.
|
||||||
path: /etc/pam.d/sudo
|
- name: Ensure environement is applied during su
|
||||||
line: "session required pam_env.so readenv=1 user_readenv=0"
|
community.general.pamd:
|
||||||
regexp: 'session\s+required\s+pam_env\.so'
|
name: su
|
||||||
insertbefore: '^@include'
|
type: auth
|
||||||
when: ansible_facts['distribution'] | lower == 'debian'
|
control: sufficient
|
||||||
|
module_path: pam_rootok.so
|
||||||
|
new_type: auth
|
||||||
|
new_control: required
|
||||||
|
new_module_path: pam_env.so
|
||||||
|
state: before
|
||||||
|
when:
|
||||||
|
- ansible_facts['distribution'] == 'CentOS'
|
||||||
|
- ansible_facts['distribution_version'] == '9'
|
||||||
|
|
||||||
- name: Create systemd global directory
|
- name: Create systemd global directory
|
||||||
file:
|
file:
|
||||||
|
|
Loading…
Reference in New Issue