aufs for guests

nfs-client/files/pam_common-session

-#
-# /etc/pam.d/common-session - session-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of sessions of *any* kind (both interactive and
-# non-interactive).
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]			pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-session	optional			pam_krb5.so minimum_uid=1000
-session	required	pam_unix.so 
-session	[success=ok default=ignore]	pam_ldap.so minimum_uid=1000
-session	optional			pam_ck_connector.so nox11
-session optional			pam_umask.so
-# end of pam-auth-update config

nfs-client/tasks/umask.yml

@@ -8,7 +8,7 @@
     - config
 
 - name: activate pam.d session modules to set default umask
-  copy: src=pam_common-session dest=/etc/pam.d/common-session owner=root group=root mode=0644
+  lineinfile: dest=/etc/pam.d/common-session line=session optional                        pam_umask.so
   tags:
     - umask
     - pam