github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-08-23 16:39:30 +00:00
Code Issues Projects Releases Wiki Activity

perf: 改密去掉sudo (#11094)

Browse Source 
Co-authored-by: feng <1304903146@qq.com>
This commit is contained in:
fit2bot 2023-07-26 19:18:06 +08:00 committed by GitHub
parent c4f76c5512
commit ed0932deea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 22 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
apps/accounts/automations/change_secret/host/aix/main.yml
View File

@ -4,6 +4,26 @@
- name: Test privileged account - name: Test privileged account
ansible.builtin.ping: ansible.builtin.ping:
- name: Check user
ansible.builtin.user:
name: "{{ account.username }}"
shell: "{{ params.shell }}"
home: "{{ params.home | default('/home/' + account.username, true) }}"
groups: "{{ params.groups }}"
expires: -1
state: present
- name: "Add {{ account.username }} group"
ansible.builtin.group:
name: "{{ account.username }}"
state: present
- name: Add user groups
ansible.builtin.user:
name: "{{ account.username }}"
groups: "{{ params.groups }}"
when: params.groups
- name: Change password - name: Change password
ansible.builtin.user: ansible.builtin.user:
name: "{{ account.username }}" name: "{{ account.username }}"
@ -23,8 +43,8 @@
regexp: "{{ ssh_params.regexp }}" regexp: "{{ ssh_params.regexp }}"
state: absent state: absent
when: when:
- account.secret_type == "ssh_key" - account.secret_type == "ssh_key"
- ssh_params.strategy == "set_jms" - ssh_params.strategy == "set_jms"
- name: Change SSH key - name: Change SSH key
ansible.builtin.authorized_key: ansible.builtin.authorized_key:

6
apps/accounts/automations/change_secret/host/aix/manifest.yml
View File

@ -5,12 +5,6 @@ type:
- AIX - AIX
method: change_secret method: change_secret
params: params:
- name: sudo
type: str
label: 'Sudo'
default: '/bin/whoami'
help_text: "{{ 'Params sudo help text' | trans }}"
- name: shell - name: shell
type: str type: str
label: 'Shell' label: 'Shell'

10
apps/accounts/automations/change_secret/host/posix/main.yml
View File

@ -53,16 +53,6 @@
exclusive: "{{ ssh_params.exclusive }}" exclusive: "{{ ssh_params.exclusive }}"
when: account.secret_type == "ssh_key" when: account.secret_type == "ssh_key"
- name: Set sudo setting
ansible.builtin.lineinfile:
dest: /etc/sudoers
state: present
regexp: "^{{ account.username }} ALL="
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
validate: visudo -cf %s
when:
- params.sudo
- name: Refresh connection - name: Refresh connection
ansible.builtin.meta: reset_connection ansible.builtin.meta: reset_connection

6
apps/accounts/automations/change_secret/host/posix/manifest.yml
View File

@ -6,12 +6,6 @@ type:
- linux - linux
method: change_secret method: change_secret
params: params:
- name: sudo
type: str
label: 'Sudo'
default: '/bin/whoami'
help_text: "{{ 'Params sudo help text' | trans }}"
- name: shell - name: shell
type: str type: str
label: 'Shell' label: 'Shell'