
Revoke Access Role

The revoke_access role immediately removes the user's elevated access by deleting that user's files in the sudoers.d directory and cleaning up the scheduled at jobs that were created for the grant.

The --tags revoke_access option is required to execute this.

main.yml

---
# tasks file for revoke_access

- import_tasks: revoke_access.yml
  tags:
    - revoke_access

...

revoke_access.yml

---

# Remove the user's sudoers.d files and the at jobs scheduled to expire them

- name: "Searching for sudoers files for {{ username | lower }}"
  find:
    path: /etc/sudoers.d/
    patterns: "{{ username | lower }}_*"
  register: files_to_delete

- name: "Remove sudoers files for {{ username | lower }}"
  file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ files_to_delete.files }}"

- name: "Find and remove all at jobs for {{ username | lower }}"
  shell:
    # Walk the at queue (job id is the first tab-separated field of atq output),
    # dump each job with "at -c", and remove the ones that mention the username.
    # The "quote" filter shell-quotes the username and "-F --" makes grep treat
    # it as a fixed string, so the value is never interpreted as shell or regex.
    cmd: >-
      for j in $(atq | sort -k6,6 -k3,3M -k4,4 -k5,5 | cut -f 1); do
        if at -c "${j}" | grep -qF -- {{ username | lower | quote }}; then atrm "${j}"; fi;
      done

...
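As an added illustration (not part of the role), the at-job matching step in Python over constructed sample data: a bare substring match on the username, as the grep above does, also selects jobs that belong to a different user with a longer name (bob vs. bobby), while anchoring on the sudoers.d path the grant created selects only that user's jobs. The atq listing and job bodies are constructed for the example.

```python
import re

# Constructed atq output: job id, schedule, queue, owner (tab after the id).
ATQ_OUTPUT = """\
12\tMon Jun  3 18:00:00 2024 a root
13\tMon Jun  3 19:30:00 2024 a root
14\tTue Jun  4 08:00:00 2024 a root
"""

# Constructed "at -c <job>" bodies keyed by job id; only the last line matters.
AT_JOB_BODIES = {
    "12": "#!/bin/sh\nrm -f /etc/sudoers.d/bob_20240603\n",
    "13": "#!/bin/sh\nrm -f /etc/sudoers.d/bobby_20240603\n",
    "14": "#!/bin/sh\n/usr/local/bin/backup.sh\n",
}


def parse_atq(output):
    """Return the job ids from atq output (first tab-separated field)."""
    return [line.split("\t")[0] for line in output.splitlines() if line.strip()]


def jobs_for_user(username, atq_output=ATQ_OUTPUT, bodies=AT_JOB_BODIES):
    """Return (substring_matches, exact_matches) for the lower-cased username.

    substring_matches mirrors "grep <user>" on the job body.
    exact_matches anchors on the sudoers.d file the grant created, so that
    'bob' does not also select jobs belonging to 'bobby'.
    """
    user = username.lower()
    sudoers_file = re.compile(r"/etc/sudoers\.d/" + re.escape(user) + r"_")
    job_ids = parse_atq(atq_output)
    substring = [j for j in job_ids if user in bodies.get(j, "")]
    exact = [j for j in job_ids if sudoers_file.search(bodies.get(j, ""))]
    return substring, exact


if __name__ == "__main__":
    loose, strict = jobs_for_user("Bob")
    print("substring match would remove:", loose)   # ['12', '13']
    print("anchored match removes:", strict)         # ['12']
```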