forked from infra/ansible
infra/roles/xrdp_apphost/tasks/main.yml
Thomas Basler 9eef0c7739 xrdp_apphost: Secure home directories
Remove all permissions for other users from home directories
2022-06-19 21:47:48 +02:00


---
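# Set the system-wide default umask to 027, which strips every permission
# bit for "other" users (and write for the group) from newly created files.
- name: Set Default umask for Users
  lineinfile:
    dest: '/etc/login.defs'
    # Anchor the pattern to the directive itself. lineinfile rewrites the
    # last line that matches `regexp`, and a bare "UMASK" also matches
    # comment lines that merely mention the word; in that case the comment
    # would be replaced and the active setting left unchanged.
    regexp: '^\s*UMASK\s'
    line: "UMASK 027"
    state: present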
# Pull in the per-application task files of this role. They are processed in
# the order listed, ahead of the tsadmin group, user and sudoers tasks that
# follow in this file.
# NOTE(review): the contents of these files are not visible here, so any
# ordering dependency between them and the tsadmin tasks is unverified.
# NOTE(review): bare `include` is deprecated in newer Ansible releases in
# favour of include_tasks / import_tasks - confirm the targeted version
# before changing it, since the two replacements differ in behaviour.
- include: xrdp.yml
- include: lightburn.yml
- include: estlcam.yml
- include: slicer.yml
- include: samba.yml
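# Ensure the group named by `tsadmin_group` exists; the following task uses
# it as the primary group of the tsadmin account.
- name: Create tsadmin group
  group:
    # Native YAML arguments instead of a key=value string: the free-form
    # string is split on whitespace after templating, so a variable value
    # containing a space would be parsed as additional module arguments.
    name: "{{ tsadmin_group }}"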
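# Create the tsadmin account with a SHA-512 crypt password hash, a home
# directory under /home and `tsadmin_group` as its primary group.
- name: Create tsadmin_user
  user:
    # Native YAML arguments instead of a key=value string, so that templated
    # values are passed to the module as single, unsplit parameters.
    name: "{{ tsadmin_user }}"
    # The hash is derived from tsadmin_pass with an explicit salt.
    # NOTE(review): presumably the fixed salt is there to keep the hash
    # stable between runs so the task stays idempotent - confirm.
    # NOTE(review): tsadmin_pass and tsadmin_salt are defined outside this
    # file; confirm they are stored encrypted (for example with Ansible
    # Vault) and not in plain text in the repository.
    password: "{{ tsadmin_pass | password_hash('sha512', tsadmin_salt) }}"
    home: "/home/{{ tsadmin_user }}"
    group: "{{ tsadmin_group }}"
  # Keep the task arguments and result (which include the password hash)
  # out of console output and logs.
  no_log: true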
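# Add one sudoers rule per application account that lets the tsadmin user
# run any command as that account without a password. The rule is scoped to
# the listed run-as users; it does not grant root.
# NOTE(review): the task name says "group", but the rule has no leading "%",
# so it applies to the single user named by `tsadmin_user`.
- name: Allow 'tsadmin_user' group to have passwordless sudo to other users
  lineinfile:
    dest: /etc/sudoers
    state: present
    # The parentheses are escaped and the variables passed through
    # regex_escape so the pattern matches the literal sudoers line. Left
    # unescaped, "(...)" is a regex group and the pattern does not match the
    # very line this task writes, so an existing rule is never recognised
    # through `regexp`.
    regexp: '^{{ tsadmin_user | regex_escape }} ALL=\({{ item | regex_escape }}\) NOPASSWD: ALL'
    line: '{{ tsadmin_user }} ALL=({{ item }}) NOPASSWD: ALL'
    # Syntax-check the candidate file before it replaces /etc/sudoers; a
    # broken sudoers file would otherwise lock out sudo entirely.
    validate: visudo -cf %s
  with_items:
    - "{{ estlcam_user }}"
    - "{{ lightburn_user }}"
    - "{{ slicer_user }}"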
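# Render the tsadmin_xsession.j2 template to the tsadmin user's ~/.xsession.
- name: Create tsadmin_user .xsession
  template:
    src: tsadmin_xsession.j2
    dest: "/home/{{ tsadmin_user }}/.xsession"
    # Set ownership and mode explicitly. Without them a newly created file
    # belongs to the account Ansible runs as and takes its mode from that
    # process's umask, so the result could be unreadable by the tsadmin user
    # or readable by others, depending on the environment.
    owner: "{{ tsadmin_user }}"
    group: "{{ tsadmin_group }}"
    # NOTE(review): 0640 mirrors the UMASK 027 policy set earlier in this
    # file; confirm the session startup does not need the file executable.
    mode: '0640'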