
Grant Temporary Root Access

This playbook is designed to grant or revoke temporary root access for a user on a server by creating a file in sudoers.d and scheduling at jobs to delete the file after a designated amount of time. In a business setting there is occasionally a need to give multiple people access to multiple systems quickly, but only temporarily. The svcrqst variable is meant for environments in which tracking these requests is important.

root_access.yml

---

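# manual_list (target host pattern) and userlist (whitespace-separated
# usernames) are not defined in this play; they are expected to be supplied
# from outside it, for example as extra vars.
- name: Start playbook to give temporary root access
  hosts: "{{ manual_list | lower }}"
  vars:
  gather_facts: True
  become: True
  become_flags: '-i'  # passed to sudo: run with a login shell environment
  tasks: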

    - name: Loop list of users to create access
      include_role:
        name: create_sudoers
      loop: "{{ query('items', userlist.split()) }}"
      loop_control:
        label: "{{ username }}"
        loop_var: username
      tags:
        - create_sudoers

    - name: Loop list of users to revoke access
      include_role:
        name: revoke_access
      loop: "{{ query('items', userlist.split()) }}"
      loop_control:
        label: "{{ username }}"
        loop_var: username
      tags:
        - revoke_access

...
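
The page does not show the create_sudoers role, so the following is an added sketch of what its tasks could look like, not the author's code. The file path, the `access_hours` variable, the accepted format of `svcrqst` and the sudoers rule itself are assumptions; `username` and `svcrqst` come from the page.

```yaml
# roles/create_sudoers/tasks/main.yml (hypothetical sketch, not the author's role)
# Assumed inputs: username (loop_var from root_access.yml), svcrqst (request ID
# named on the page), access_hours (hypothetical name for the time limit).

- name: Grant temporary root access
  # Tags set on include_role are not inherited by the role's tasks, so the
  # tasks carry the tag themselves to run under --tags create_sudoers.
  tags: [create_sudoers]
  block:

    - name: Reject values that could alter sudoers syntax or the file path
      ansible.builtin.assert:
        that:
          # No dots: sudo skips sudoers.d files whose names contain '.'
          - username is match('^[a-z_][a-z0-9_-]*$')
          # Assumed ticket format; blocks newlines reaching the sudoers file
          - svcrqst is match('^[A-Za-z0-9_-]+$')
          - access_hours | int > 0
        fail_msg: "Refusing to grant access: invalid username, request ID or duration"

    - name: Install a validated sudoers drop-in for the user
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/temp_{{ username }}"
        owner: root
        group: root
        mode: "0440"
        # visudo checks the candidate file before it is moved into place, so
        # a syntax error cannot break sudo for everyone on the host.
        validate: /usr/sbin/visudo -cf %s
        content: |
          # Temporary root access, request {{ svcrqst }}
          {{ username }} ALL=(ALL) ALL

    - name: Schedule removal of the drop-in with at
      ansible.posix.at:
        command: "rm -f /etc/sudoers.d/temp_{{ username }}"
        count: "{{ access_hours | int }}"
        units: hours
        unique: true   # do not queue a duplicate job on a re-run
```

The removal only happens if the at package is installed and atd is running on the target, which is worth checking before relying on the expiry.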