Hello Folks,
ansible(before 2.4) uses /bin/sh for executing tasks, we want to restrict ansible account in sudo for certain tasks, in the process of this we need to give specifiy /bin/sh in sudoers command list for ansible account.
Now the question is by giving /bin/sh to the ansible user account(service account), user can gain root access automatically by any means? any security implications if i give /bin/sh to ansible account?
Appreciate if you can guide to any article that shed light on ansible security.