Is it safe to edit /etc/sudoers with the Ansible “lineinfile” module?

Question

I want to change sudo session timeout according to this answer. I can edit ordinary file:

lineinfile:
  path: /etc/sudoers
  regexp: ^Defaults  env_reset
  line:         


        

Answer 1

I think what you are missing is that in order to edit /etc/sudoers you need sudo-access. To do this in Ansible, you just need to add the become flag.

name: Change Sudo Timeout
become: yes
lineinfile:
  path: /etc/sudoers
  regexp: ^Defaults  env_reset
  line: Defaults  env_reset,timestamp_timeout=60