# SPDX-License-Identifier: MIT-0
---
# tasks file for lockdown
- name: Disable shell for root user
  when: ansible_facts["user_id"] != "root"
  become: true
  ansible.builtin.user:
    name: root
    shell: /sbin/nologin
  tags:
    - deshell_root
  register: root_shell_disabled