ansible-edda/plays/roles/system_base/tasks/include/root.yml

- name: "root : disable root shell"
  ansible.builtin.user:
    name: "root"
    shell: "/usr/sbin/nologin"

- name: "root : disable su for non-wheel users"
  ansible.builtin.copy:
    src: "./root/su"
    dest: "/etc/pam.d/su"
    mode: 0644
Convert common parts of 00-hosts to roles 2022-12-04 15:14:43 +01:00			`- name: "root : disable root shell"`
			`ansible.builtin.user:`
			`name: "root"`
			`shell: "/usr/sbin/nologin"`

			`- name: "root : disable su for non-wheel users"`
			`ansible.builtin.copy:`
			`src: "./root/su"`
			`dest: "/etc/pam.d/su"`
			`mode: 0644`