Good point. We are in fact running our scripts as a user with limited sudo rights, so it's good to know that's not recommended practice.
On Tue, Jun 24, 2014 at 10:42 AM, Jacob Weber <[email protected]> wrote: > I'd actually like to see some general information in the documentation > about this topic of user permissions. I would think that a lot of people > get the idea to create users with limited sudo rights, and use them with > Ansible. But there are cases like this where Ansible doesn't allow that. It > would be good to know that up front, so you can think about how you want to > handle permissions. If the recommendation is that Ansible always be run as > a user with full sudo rights, that should be stated somewhere. > > > > > On Jun 24, 2014, at 7:30 AM, Michael DeHaan <[email protected]> wrote: > > Or perhaps improve the error message when it fails, yes. > > Agreed. > > > On Tue, Jun 24, 2014 at 9:29 AM, Ben Hoyt <[email protected]> wrote: > >> >> >>> if the files were not there, ansible would need to create the file >>> anyway, as is it's nature >>> >> >> That's a fair point. If ansible is being used for end-to-end server >> configuration (as is often the case) it will have to create the file anyway. >> >> However, one thing that could be improved here is the documentation -- >> mention in the "template" (and "copy"?) module docs that write access on >> the directory is required and why (due to the atomic temp file/rename >> magic). >> >> -Ben >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAL9jXCH5%2B9fgCQB24tRsPPyDoiEpBEiOcCoSKBAZTf09WSXQ8Q%40mail.gmail.com >> <https://groups.google.com/d/msgid/ansible-project/CAL9jXCH5%2B9fgCQB24tRsPPyDoiEpBEiOcCoSKBAZTf09WSXQ8Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/m5-obFecmd0/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgxidNdEzLeeZ_FhZ1_aJD8S4UHGf2FjPNSoAQ3PkD2qWg%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgxidNdEzLeeZ_FhZ1_aJD8S4UHGf2FjPNSoAQ3PkD2qWg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/m5-obFecmd0/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/6CB67A5A-6B9F-4BB4-8756-B857C5597411%40jacobweber.com > <https://groups.google.com/d/msgid/ansible-project/6CB67A5A-6B9F-4BB4-8756-B857C5597411%40jacobweber.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL9jXCEKfmkZsjzYt0o9oSVw0a6AwiF8Qxe_z63pRcj-Ei2WgQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
