Skip to content

1.1.6

Latest

Choose a tag to compare

@github-actions github-actions released this 16 May 23:15
1.1.6
599f9d4

[1.1.6] - 2026-05-17

Fixed

  • access role: wrap the runas field in the rendered sudoers file in
    parentheses, as required by the sudoers(5) grammar
    (Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'). The
    sudoer.j2 template emitted host=runas instead of host=(runas),
    so every entry created from access_sudoers was syntactically
    invalid: visudo -cf rejected the file and the templating task
    failed at deploy time (access_validate_sudoers defaults to true).
    Hosts that disabled the validate hook would have silently shipped a
    broken sudoers drop-in. Both the user and group branches now render
    =({{ runas | default('ALL') }}), so existing example configs like
    runas: ALL produce valid syntax without changes. The bug was
    introduced in the access-role rewrite (ab1b3be, 2026-01-14) and
    affects all 1.1.x releases up to and including 1.1.5.