Grant Temporary Root Access
This playbook is designed to grant or revoke temporary root access for a user on a server by creating a file in sudoers.d and at jobs that delete the file after a designated amount of time. In a business setting there is occasionally a need to give multiple people access to multiple systems quickly, but only temporarily. The svcrqst variable is meant for an environment in which tracking these requests is important.
---
- name: Start playbook to give temporary root access
  # manual_list (target hosts) and userlist (space-separated usernames)
  # are supplied at run time.
  hosts: "{{ manual_list | lower }}"
  vars:
  gather_facts: True
  become: True
  become_flags: '-i'
  tasks:
    # Select one action with --tags create_sudoers or --tags revoke_access;
    # with no tag filter both tasks run, granting and then revoking.
    - name: Loop list of users to create access
      include_role:
        name: create_sudoers
      loop: "{{ query('items', userlist.split()) }}"
      loop_control:
        label: "{{ username }}"
        loop_var: username
      tags:
        - create_sudoers

    - name: Loop list of users to revoke access
      include_role:
        name: revoke_access
      loop: "{{ query('items', userlist.split()) }}"
      loop_control:
        label: "{{ username }}"
        loop_var: username
      tags:
        - revoke_access
...
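
The tasks below sketch what a role like create_sudoers could do for each user: write a validated sudoers.d drop-in and schedule an at job to remove it. This is an added example, not the project's own role. The file path, the access_minutes variable, the accepted svcrqst format and the sudoers rule itself are assumptions, and ansible.posix.at requires the ansible.posix collection.

```yaml
# Hypothetical roles/create_sudoers/tasks/main.yml (added example).
# Assumed variables: username (loop_var set by the playbook),
# svcrqst (request ID), access_minutes (hypothetical grant lifetime).
- name: Reject values that are unsafe to template into a sudoers file
  ansible.builtin.assert:
    that:
      - username is match('^[a-z_][a-z0-9_.-]*$')
      # svcrqst lands in a comment line; a newline in it would add a rule.
      - svcrqst is match('^[A-Za-z0-9_-]+$')
      - access_minutes | int > 0
    fail_msg: "Refusing to create a sudoers entry for '{{ username }}'"

# sudo skips drop-in files whose names contain '.' or end in '~',
# so a username such as john.doe needs a sanitised file name.
- name: Build a drop-in file name that sudo will read
  ansible.builtin.set_fact:
    sudoers_file: "/etc/sudoers.d/temp_{{ username | replace('.', '_') }}"

- name: Install the temporary rule, syntax-checked before it is put in place
  ansible.builtin.copy:
    dest: "{{ sudoers_file }}"
    content: |
      # Temporary access, request {{ svcrqst }}
      {{ username }} ALL=(ALL) ALL
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s

- name: Schedule removal of the rule
  ansible.posix.at:
    command: "rm -f {{ sudoers_file }}"
    count: "{{ access_minutes | int }}"
    units: minutes
    unique: true
```

The grant only expires if atd is running on the target, so confirm the job with atq after the run and keep the revoke_access path available for manual cleanup.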