Is it safe to edit /etc/sudoers with the Ansible “lineinfile” module?

Question

I want to change sudo session timeout according to this answer. I can edit ordinary file:

lineinfile:
  path: /etc/sudoers
  regexp: ^Defaults  env_reset
  line:         


        

Answer 1

It's safe if you've tested the syntax to be correct.

The point of encouraging visudo is to prevent someone from locking themselves out from administering a system by creating an invalid /etc/sudoers, whether by a typo or a thinko.

When you're using Ansible to perform an edit, you can test the code performing that edit to do the right thing with your actual config files, environment, and version of sudo before you roll it out. Thus, the concerns about people making a typo or a syntax error by hand aren't immediately relevant.