From dba42efaae5544cf66494a28aa251cb003fee1fb Mon Sep 17 00:00:00 2001
From: binary
Date: Mon, 22 Feb 2021 12:32:51 +0100
Subject: Force sshdns user to non root
---
 roles/sshdns/tasks/main.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'roles/sshdns/tasks')
diff --git a/roles/sshdns/tasks/main.yml b/roles/sshdns/tasks/main.yml
index 0942e68..30cc958 100644
--- a/roles/sshdns/tasks/main.yml
+++ b/roles/sshdns/tasks/main.yml
@@ -4,13 +4,27 @@
 ---
+- name: get real user
+ shell: logname
+ register: sshdns_user
+ delegate_to: localhost
+
+- name: parse real username
+ set_fact:
+ sshdns_user: "{{ sshdns_user.stdout }}"
+
 - name: create config directory
 file:
- path: "{{ lookup('env', 'HOME') }}/.ssh/config.d"
+ #path: "{{ lookup('env', 'HOME') }}/.ssh/config.d"
+ path: "/home/{{ sshdns_user }}/.ssh/config.d"
 state: directory
 mode: 0700
+ become: true
+ become_user: "{{ sshdns_user }}"
 - name: Generate template to localhost
 template:
 src: templates/generate_dns.j2
- dest: "{{ lookup('env', 'HOME') }}/.ssh/config.d/ssh_dns"
+ dest: "/home/{{ sshdns_user }}//.ssh/config.d/ssh_dns"
+ become: true
+ become_user: "{{ sshdns_user }}"
--
cgit v1.2.3
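Review bot: Nothing in the new tasks rejects `root` or an empty name, so the commit's stated aim of forcing a non-root user is not enforced: when the session was opened directly as root, `logname` prints `root` and the two later tasks run with `become_user: root` against `/home/root/.ssh/config.d`. An `assert` placed after `parse real username` would stop the role in that case, as sketched below. The `/home/{{ sshdns_user }}` prefix is also an assumption about where home directories live; `path: "~{{ sshdns_user }}/.ssh/config.d"` lets the module resolve the real home from the passwd database, and the same applies to `dest`, which currently carries a stray `//`. `logname` is looked up on localhost while the `file` and `template` tasks are not delegated in this hunk, so the name and the home must be valid on whichever host the play targets, which is worth confirming.

```yaml
# … unchanged: get real user, parse real username …

- name: refuse root or an empty login name
  assert:
    that:
      - sshdns_user | length > 0
      - sshdns_user != 'root'
    fail_msg: "sshdns must be run for a non-root login user"

# … unchanged: create config directory, Generate template to localhost …
```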