From 999d7b5b1e3e420b47f33fd1283832c2144486a8 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Thu, 19 Jan 2023 13:33:11 +0000
Subject: [PATCH] fix csv sugroup option updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 defaults/main.yml             | 2 +-
 tasks/section_5/cis_5.3.x.yml | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 6b916a5..635d8ea 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -637,7 +637,7 @@ rhel9cis_futurepwchgdate_autofix: true
 # 5.7
 # rhel9cis_sugroup: sugroup  # change accordingly wheel is default
 
-# wheel users list
+# wheel users list please supply comma seperated e.g. "vagrant,root"
 rhel9cis_sugroup_users: "root"
 
 ## Section6 vars
diff --git a/tasks/section_5/cis_5.3.x.yml b/tasks/section_5/cis_5.3.x.yml
index 25d05d2..823d142 100644
--- a/tasks/section_5/cis_5.3.x.yml
+++ b/tasks/section_5/cis_5.3.x.yml
@@ -120,8 +120,9 @@
 
       - name: "5.3.7 | PATCH | Ensure access to the su command is restricted | wheel group contains root"
         ansible.builtin.user:
-            name: "{{ rhel9cis_sugroup_users }}"
+            name: "{{ item }}"
             groups: "{{ rhel9cis_sugroup | default('wheel') }}"
+        loop: "{{ rhel9cis_sugroup_users | split (',') }}"
   when:
       - rhel9cis_rule_5_3_7
   tags: