Restricting Commands after privilege escalation using sudo in ansible.

varun_mohan · May 29, 2020, 10:33am

Hi,
Currently ansible uses wrapper scripts(shell/python) for executing commands as privileged user suing sudo. Due to this its currently not possible to restrict what commands ansible fires on the remote machine after privilege escalation. Main reason being ansible required NO PASSWD:ALL or NO PASSwd:/bin/sh( which is equivalent to NO PASSWD:ALL). Is there any way to control this.

Regards
Varun

Dick_Visser · May 29, 2020, 10:46am

No: https://docs.ansible.com/ansible/latest/user_guide/become.html#privilege-escalation-must-be-general

Topic		Replies	Views
Run one simple coomand with sudo priviliges. Ansible Project	1	0	May 22, 2018
Allowed specific commands with NOPASSWD in sudoers file, Ansible complains... Ansible Project ansible-project	5	2	January 27, 2017
ansible privilege escalation ( sudo su - ) Ansible Project	3	2	March 17, 2020
How to customise privilege escalation using sudo Ansible Project	0	0	September 25, 2016
run command on ansible host with sudo privilege. Ansible Project	2	1	October 20, 2016

Restricting Commands after privilege escalation using sudo in ansible.

Related topics