Fix permissions

ansible/roles/ssh_users/tasks/main.yml

@@ -19,14 +19,33 @@
     state: present
   with_items: "{{ non_admin_usernames }}"
 
-- name: create .ssh dir in user homes
+- name: create .ssh dir for admin users
   tags: ssh_users
-  file: path=/home/{{item}}/.ssh state=directory owner={{item}} group={{item}} mode=0700
-  with_items: "{{ admin_usernames | union(non_admin_usernames) }}"
+  file:
+    path: "/home/{{item}}/.ssh"
+    state: directory
+    owner: "{{item}}"
+    group: "admin"
+    mode: 0700
+  with_items: "{{ admin_usernames }}"
+
+- name: create .ssh dir for non-admin users
+  tags: ssh_users
+  file:
+    path: "/home/{{item}}/.ssh"
+    state: directory
+    owner: "{{item}}"
+    group: "users"
+    mode: 0700
+  with_items: "{{ non_admin_usernames }}"
 
 - name: create .ssh/authorized_keys for each user
   tags: ssh_users
-  template: src=authorized_keys dest=/home/{{item}}/.ssh/authorized_keys owner={{item}} group={{item}} mode=0400
+  template:
+    src: authorized_keys
+    dest: "/home/{{item}}/.ssh/authorized_keys"
+    owner: "{{item}}"
+    mode: 0400
   with_items: "{{ admin_usernames | union(non_admin_usernames) }}"
 
 - name: list all users currently on the system