> sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo 
> BECOME-SUCCESS-mukfdpvotlpobkadiwdhuktbihrwsnnr; LANG=en_US.utf8 
> LC_ALL=en_US.utf8 LC_MESSAGES=en_US.utf8 /usr/bin/python 
> /home/john/.ansible/tmp/ansible-tmp-1474312334.89-150221606981760/setup; rm 
> -rf "/home/john/.ansible/tmp/ansible-tmp-1474312334.89-150221606981760/" > 
> /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''

Ok, I said "something like", because I didn't have a machine to dig up the 
details on. But clearly you were able to do that. Look at the command. It's 
sudo ... /bin/sh .

So NOPASSWD: for /bin/sh. But really you should just give wildcard NOPASSWD 
for running ansible. There's very little difference in NOPASSWD for /bin/sh 
and everything. Or input the password using --ask-become-pass


You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to