The purpose of sudo is to allow for privilege escalation; the fine-grained escalation is a feature.
The way Ansible works currently requires arbitrary command specs; this is not a bug, but it is a limitation. This won't work for all environments, specifically those that only allow specific commands. This is a feature we want to add, but it won't work with all modules; it would only work with modules that shell out to run commands. For example, if a module changes ownership of a file using the Python/Perl/Ruby function to do so, it would not work with `/bin/chmod` permissions in sudoers, as it will be making a system call and not running a command.

-- Brian Coca
