Use pam_env for su commands on Centos-9
See https://access.redhat.com/errata/RHBA-2022:4082 Change-Id: Ibe4ab810ba48c9735af187d39fc34a7451c12d8a
This commit is contained in:
parent
ff61081089
commit
cf358f169d
@ -52,13 +52,21 @@
|
||||
tags:
|
||||
- openstack_hosts-config
|
||||
|
||||
- name: Ensure environement is applied during sudo
|
||||
lineinfile:
|
||||
path: /etc/pam.d/sudo
|
||||
line: "session required pam_env.so readenv=1 user_readenv=0"
|
||||
regexp: 'session\s+required\s+pam_env\.so'
|
||||
insertbefore: '^@include'
|
||||
when: ansible_facts['distribution'] | lower == 'debian'
|
||||
# NOTE(jrosser) Remove this task when https://access.redhat.com/errata/RHBA-2022:4082
|
||||
# has a fix merged to Centos-9 as well as RHEL.
|
||||
- name: Ensure environement is applied during su
|
||||
community.general.pamd:
|
||||
name: su
|
||||
type: auth
|
||||
control: sufficient
|
||||
module_path: pam_rootok.so
|
||||
new_type: auth
|
||||
new_control: required
|
||||
new_module_path: pam_env.so
|
||||
state: before
|
||||
when:
|
||||
- ansible_facts['distribution'] == 'CentOS'
|
||||
- ansible_facts['distribution_version'] == '9'
|
||||
|
||||
- name: Create systemd global directory
|
||||
file:
|
||||
|
Loading…
Reference in New Issue
Block a user