You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Setting the variable os_security_users_allow to change_user (or [change_user]) doesn't have any effect. The permissions of /bin/su are always set to 0750.
Here is the code block which uses this variable (from tasks/minimize_access.yml):
- name: change su-binary to only be accessible to user and group root
file:
dest: '/bin/su'
owner: 'root'
group: 'root'
mode: '0750'
when: os_security_users_allow != None
Apparently this task is executed when the variable is set to any value. I think the when-condition should be changed to change_user not in os_security_users_allow. I am happy to submit a pull request, if this is approved.
The text was updated successfully, but these errors were encountered:
adaitche
changed the title
Setting os_security_users_allow has no effect
Setting os_security_users_allow has no effect
Jun 16, 2018
Setting the variable
os_security_users_allow
tochange_user
(or[change_user]
) doesn't have any effect. The permissions of/bin/su
are always set to0750
.Here is the code block which uses this variable (from
tasks/minimize_access.yml
):Apparently this task is executed when the variable is set to any value. I think the when-condition should be changed to
change_user not in os_security_users_allow
. I am happy to submit a pull request, if this is approved.The text was updated successfully, but these errors were encountered: