It's no more a security role than allowing your sysadmins to su to root...

On Monday, 21 March 2016 18:28:21 UTC, Matt Calhoun wrote:
>
> Is there really no way to give the ansible user specific sudo NOPASSWD 
> privileges? This seems like a huge security hole!
>
> On Monday, March 21, 2016 at 9:24:31 AM UTC-4, selvam vasu wrote:
>>
>> Hi,
>> I am a newbie to Ansible. You can find it easily through this dumb 
>> question. 
>> I have limited access to one user (selvam) which can run limited commands 
>> using the sudo option.
>> My sudoers file looks like below.
>>  
>> selvam  ALL=(ALL) NOPASSWD: /usr/sbin/service,/usr/bin/apt-get
>>
>> I have tried to install an apt package on a remote machine using Ansible 
>> playbooks as the selvam user with the sudo option.
>>
>> Here are the playbook file contents.
>>
>> playbook.yml
>> ---
>> - hosts: host1
>>   remote_user: selvam
>>   tasks:
>>     - name: users package
>>       apt: name={{ item }} state=latest
>>       become: yes
>>       with_items:
>>         - nginx
>>
>> But the problem is that when I run this playbook, I get the error 
>> "Missing become password". I need to install the package without a password.
>>
>> When I run the command below manually from my Ansible host, it works 
>> fine without a password. How can I accomplish the same through an Ansible 
>> playbook?
>>
>> [selvam@host1] $ ssh host1 sudo -u root apt-get install nginx
>>
>> Ansible version:
>> *******************
>>
>> $ ansible-playbook --version
>> ansible-playbook 1.9.4
>>   configured module search path = None
>>
>> Let me know where I have to modify my configs.
>>
>> Thanks in advance.
>>
>
