add users without sudo (gh_user_no_sudo)

It's handy to be able to create users that *don't* have sudo rights. Here at Stanford we use this to add users to our VPC bastion box (ssh proxy) so these users can use this machine for ssh tunneling, but I don't want to give those users the keys to the kingdom. This let's me configure a playbook like this. roles: - common - supervisor - role: gh_users gh_users: - su1 - su2 - su3 gh_users_no_sudo: - normal1 - normal2 The new gh_users_no_sudo list can be empty.

add users without sudo (gh_user_no_sudo)
It's handy to be able to create users that *don't* have sudo rights. Here at Stanford we use this to add users to our VPC bastion box (ssh proxy) so these users can use this machine for ssh tunneling, but I don't want to give those users the keys to the kingdom. This let's me configure a playbook like this. roles: - common - supervisor - role: gh_users gh_users: - su1 - su2 - su3 gh_users_no_sudo: - normal1 - normal2 The new gh_users_no_sudo list can be empty.
1d650f01 · Sef Kloninger · 551c3e00 · 1d650f01 · 1d650f01 · 1d650f01
Commit 1d650f01 authored Feb 05, 2014 by Sef Kloninger
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 4 deletions

playbooks/edx-west/prod-jumpbox.yml
+4 -1

playbooks/roles/gh_users/defaults/main.yml
+1 -0

playbooks/roles/gh_users/tasks/main.yml
+11 -3

No files found.
--- a/playbooks/edx-west/prod-jumpbox.yml
+++ b/playbooks/edx-west/prod-jumpbox.yml
@@ -17,7 +17,10 @@
        - ali123
        - caesar2164
        - dcadams
+        - nparlante
+      gh_users_no_sudo:
        - jinpa
        - gbruhns
-        - nparlante
+        - paepcke
+        - akshayak
      tags: users
--- a/playbooks/roles/gh_users/defaults/main.yml
+++ b/playbooks/roles/gh_users/defaults/main.yml
@@ -3,3 +3,4 @@
 # update the system bashrc default
 GH_USERS_PROMPT: ""
 gh_users: []
+gh_users_no_sudo: []
--- a/playbooks/roles/gh_users/tasks/main.yml
+++ b/playbooks/roles/gh_users/tasks/main.yml
@@ -10,6 +10,8 @@
 #     gh_users:
 #      - joe
 #      - mark
+#     gh_users_no_sudo:
+#      - tourist_dave


 - name: gh_users | creating default .bashrc
@@ -27,22 +29,28 @@
    dest=/etc/sudoers.d/gh owner=root group=root
    mode=0440 validate='visudo -cf %s'

- name: gh_users | create github users
+- name: gh_users | create sudo github users
  user:
    name={{ item }} groups=gh
    shell=/bin/bash
  with_items: gh_users

+- name: gh_users | create non-sudo github users
+  user:
+    name={{ item }}
+    shell=/bin/bash
+  with_items: gh_users_no_sudo
+
 - name: gh_users | create .ssh directory
  file:
    path=/home/{{ item }}/.ssh state=directory mode=0700
    owner={{ item }}
-  with_items: gh_users
+  with_items: gh_users + gh_users_no_sudo

 - name: gh_users | copy github key[s] to .ssh/authorized_keys
  get_url:
    url=https://github.com/{{ item }}.keys
    dest=/home/{{ item }}/.ssh/authorized_keys mode=0600
    owner={{ item }}
-  with_items: gh_users
+  with_items: gh_users + gh_users_no_sudo