Doc

eldy · eldy · commit c16ab19f48bf · 2025-11-10T16:00:46.000+01:00
diff --git a/doc/Documentation SellYourSaas - Master and Deployment Servers - EN.asciidoc b/doc/Documentation SellYourSaas - Master and Deployment Servers - EN.asciidoc
@@ -324,6 +324,7 @@ mylastnamefirstname ALL=(ALL) ALL
 # This allows to switch to admin or osu* with "sudo su - admin" or "sudo su - osu..."
 #mylastnamefirstname ALL=(ALL) /usr/bin/su - admin
 #mylastnamefirstname ALL=(ALL) /usr/bin/su - osu*
+#myadminunixlogin ALL=(ALL) /usr/bin/fail2ban-client
 ---------------
 
 This allows you to switch to *admin* or *osu...* without typing your password too:
diff --git a/scripts/ansible/user_create.yml b/scripts/ansible/user_create.yml
@@ -88,7 +88,7 @@
       - userroot is defined
       - userroot|length > 0
 
-  - name: Process line into file /etc/sudoers.d/{{login}} for su admin
+  - name: Process line into file /etc/sudoers.d/{{login}} for sudo su - admin
     lineinfile:
       path: /etc/sudoers.d/{{ login }}
       line: "{{ login }} ALL=(ALL) /usr/bin/su - admin"
@@ -102,7 +102,7 @@
       - userpublickey|length > 0
       - userroot is not defined
 
-  - name: Process line into file /etc/sudoers.d/{{login}} for su osu
+  - name: Process line into file /etc/sudoers.d/{{login}} for sudo su - osu
     lineinfile:
       path: /etc/sudoers.d/{{ login }}
       line: "{{ login }} ALL=(ALL) /usr/bin/su - osu*"
@@ -116,7 +116,21 @@
       - userpublickey|length > 0
       - userroot is not defined
 
-  - name: Remove deprecated line into file /etc/sudoers.d/{{login}} for su admin
+  - name: Process line into file /etc/sudoers.d/{{login}} for sudo fail2ban
+    lineinfile:
+      path: /etc/sudoers.d/{{ login }}
+      line: "{{ login }} ALL=(ALL) /usr/bin/fail2ban-client"
+      owner: root
+      group: root
+      mode: '0440'
+      create: yes
+      state: present
+    when:
+      - userpublickey is defined
+      - userpublickey|length > 0
+      - userroot is not defined
+
+  - name: Remove deprecated line into file /etc/sudoers.d/{{login}} for sudo su - admin
     lineinfile:
       path: /etc/sudoers.d/{{ login }}
       line: "{{ login }} ALL=(ALL) NOPASSWD:/bin/su - admin"
@@ -129,7 +143,7 @@
       - userpublickey is defined
       - userpublickey|length > 0
 
-  - name: Remove deprecated line into file /etc/sudoers.d/{{login}} for su osu
+  - name: Remove deprecated line into file /etc/sudoers.d/{{login}} for sudo su - osu
     lineinfile:
       path: /etc/sudoers.d/{{ login }}
       line: "{{ login }} ALL=(ALL) NOPASSWD:/bin/su - osu*"
