Oh, another important thing about sudo! Don't use wildcards in a sudoers file if you care about the args your user passes! You cannot specify how many args are allowed, so no matter how tightly you construct the wildcard, the user can always add more args. Either use literal commands in the sudoers file or use a wrapper that sanitizes the args and have sudo call the wrapper.
On Tuesday, November 10, 2015 at 8:48:53 AM UTC-8, Jeff wrote: > > I have SUDO configured to work without passwords. > > This command *works just fine*: > ansible quee -a "/usr/bin/sudo /usr/bin/apt-get update" > > > This command *fails with "FAILED => Missing sudo password "* > ansible quee -a "/usr/bin/apt-get update" --sudo > > > It works if I add --ask-sudo-pass and enter a sudo password. > > > I am using Ansible 1.7.2 on Debian Jessie (current stable) > > I want to use Ansible playbooks and expect that I will need --sudo to work > properly without passwords. > > Have I missed something obvious? > > > Any help much appreciated. > > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9328abde-2cf5-4733-94a5-e161453fa3a1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
