Sorry I started a discussion on this before seeing this one : https://groups.google.com/d/msg/ansible-project/TZoUZUPO5no/6ZOxMmF3BQAJ
Yes I mean to restrict (with sudoes configuration or something else) on the OS side, the command the user can execute but still allow ansible to execute. We are using ansible for code deployment and there is a single task which needs become privilege : nginx reload. So except the NOPASSWD settings, is there any other solution ? If not it seems to me it is a big drawback on Ansible to be used as code shipping tools. On Friday, January 27, 2017 at 2:41:34 PM UTC+1, Johannes Kastl wrote: > > On 26.01.17 19:11 Jonathan Bouzekri wrote: > > > Is there any progress on this feature? is it available in the > > latest version of ansible? More specifically on the service module > > (for example to allow reloading of specific services) > > As you don't quote what you are talking about I can only assume the > title is what you are after. > > No, ansible needs to run something like "sudo -H -S -n -u root > /bin/bash" to work. You might set that to NOPASSWD, but it just means > you allow the ansible user everything. > > Johannes > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3a57a456-40e8-484a-9b38-1e4fbd61e4ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
