Is that really true of most modules? AFAIK things like apt-get are not available via a system call.
Security is a big concern and it seems that Ansible is designed to require SUDO anything, which kind of defeats the purpose of SUDO in the first place. And trying to get Ansible to work with password-less SUDO? Allowing root access to any command with no password, somehow feels like we have increased the size of the attack surface somewhat. If its impossible to support SUDO properly, why not make the Ansible SUDO something predictable so that it can be explicitly permissioned? At least in that scenario, Ansible is taking some responsibility. Are you using unpredictable temp-script names in the hope that this is more secure, or to prevent multiple-executions from colliding? -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8a9c9d74-6b09-4f32-b26f-f40a4b77839d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
