Restricting Commands after privilege escalation using sudo in ansible.


varun mohan

May 29, 2020, 6:33:20 AM
to Ansible Project
Hi,
Currently ansible uses wrapper scripts (shell/python) for executing commands as a privileged user using sudo. Due to this it's currently not possible to restrict what commands ansible fires on the remote machine after privilege escalation. Main reason being ansible requires NOPASSWD:ALL or NOPASSWD:/bin/sh (which is equivalent to NOPASSWD:ALL). Is there any way to control this?

Regards
Varun

Dick Visser

May 29, 2020, 6:46:43 AM
to ansible...@googlegroups.com
No: https://docs.ansible.com/ansible/latest/user_guide/become.html#privilege-escalation-must-be-general
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
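
The equivalence raised in this thread (a passwordless rule for a bare shell is as broad as a rule for ALL) can be checked for in existing sudoers content. The following is an added example, not code from the thread or from the Ansible project; the interpreter list and the sample entries are assumptions, and the sketch does not expand Cmnd_Alias names or follow include files.

```python
import os
import re

# Programs that run arbitrary code; this list is an assumption, extend it per host.
INTERPRETERS = {"sh", "bash", "dash", "zsh", "ksh", "python", "python3", "perl", "ruby"}
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?P<rest>.+)$")
TAG = re.compile(r"^([A-Z_]+)\s*:\s*")

def logical_lines(text):
    """Join backslash continuations; drop blank lines and whole-line comments."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return (who, command, nopasswd) for rules that permit arbitrary commands."""
    findings = []
    for line in logical_lines(text):
        m = SPEC.match(line)
        if not m or m["who"].startswith("Defaults") or m["who"].endswith("_Alias"):
            continue
        rest = re.sub(r"\([^)]*\)", "", m["rest"])  # drop (runas) lists
        nopasswd = False  # tags are sticky across the comma-separated commands
        for cmd in (c.strip() for c in rest.split(",")):
            while (t := TAG.match(cmd)):
                if t[1] in ("NOPASSWD", "PASSWD"):
                    nopasswd = t[1] == "NOPASSWD"
                cmd = cmd[t.end():]
            parts = cmd.split()
            if not parts or parts[0].startswith("!"):
                continue  # empty entry or an explicit denial
            # A path with no arguments allows any arguments, so a bare shell or
            # interpreter is as broad as ALL; "/bin/sh /opt/x.sh" is not.
            bare = len(parts) == 1 and os.path.basename(parts[0]) in INTERPRETERS
            if parts[0] == "ALL" or bare:
                findings.append((m["who"], cmd, nopasswd))
    return findings

# Constructed sample entries, not taken from any real host.
SAMPLE = """\
Defaults env_reset
Cmnd_Alias SVC = /usr/bin/systemctl restart nginx
ansible ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) NOPASSWD: /bin/sh
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/sh /opt/backup.sh
ops     ALL=(root) SVC, \\
        /usr/bin/python3
"""
```

Calling `audit(SAMPLE)` reports the `ansible`, `deploy` and `ops` rules and leaves the `backup` rule alone, because its shell entry is pinned to one script path.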