Is it safe to edit /etc/sudoers with the Ansible “lineinfile” module?

Question

I want to change sudo session timeout according to this answer. I can edit ordinary file:

lineinfile:
  path: /etc/sudoers
  regexp: ^Defaults  env_reset
  line:         


        

Answer 1

Instead of directly editing the /etc/sudoers you can place your desired setting into the /etc/sudoers.d directory like this:

- name: Change sudo session timeout
  lineinfile:
    dest: /etc/sudoers.d/ssh_session_timeout
    line: 'Defaults  env_reset,timestamp_timeout=60K'
    create: yes
    owner: root 
    group: root 
    mode: "0440"
    state: present
    validate: 'visudo -c -f %s'