Running playbooks with sudo vs root

Hello,

I am working on setting up Ansible in my environment and would like to know if there is a strong advantage to using sudo with playbooks rather than logging in directly as root. Some advantages that come to mind are:

  • protecting the root account from direct access or brute force password attacks; however, this is not an issue in my environment because root has no password set; rather, only the ansible user’s SSH key is stored in the root account, so access to root is limited to the Ansible server
  • sudo allows you to log all commands and who ran them; however, you can also log which SSH key connected by setting LogLevel to VERBOSE in sshd_config
  • if you were running a playbook that did not require any superuser access, then it would make sense to run it as a regular user and not use sudo

Is there something else I am missing?

Thanks,

Andrew

This is a bit of a religious discussion between Red Hat and Debian/Ubuntu camps :)

IMHO logging in with root and an authorized key is fine, but I would probably not suggest logging in with root and a password.

Ansible will be logging activity to syslog in either event.

Thanks for the clarification!
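
The thread mentions attributing root logins to an SSH key through the sshd log, and avoiding root logins by password. As an added example (not code from any poster or from Ansible), the sketch below audits sshd log lines for root logins. It assumes sshd writes the key fingerprint on its "Accepted publickey" line; the log lines, addresses, fingerprints and the `ansible-control` label are constructed placeholders.

```python
import re

# Constructed allow-list: fingerprint -> owner. Placeholder value, not a real key.
KNOWN_KEYS = {"SHA256:EXAMPLEansibleControlNodeKey0000000000000000": "ansible-control"}

# Constructed sample log lines (documentation IP ranges, placeholder fingerprints).
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2101]: Accepted publickey for root from 192.0.2.10 port 50122 ssh2: ED25519 SHA256:EXAMPLEansibleControlNodeKey0000000000000000
Mar  3 10:15:02 web1 sshd[2101]: pam_unix(sshd:session): session opened for user root
Mar  3 11:40:17 web1 sshd[2188]: Accepted publickey for root from 198.51.100.7 port 40022 ssh2: RSA SHA256:EXAMPLEunrecognisedKey00000000000000000000000
Mar  3 12:02:44 web1 sshd[2240]: Accepted password for root from 203.0.113.9 port 53311 ssh2
Mar  3 12:30:00 web1 sshd[2301]: Accepted publickey for deploy from 192.0.2.10 port 50190 ssh2: ED25519 SHA256:EXAMPLEansibleControlNodeKey0000000000000000
"""

# The key type and fingerprint are optional: password logins do not carry them.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+ ssh2(?:: (?P<ktype>\S+) (?P<fp>\S+))?"
)


def audit_root_logins(log_text, known_keys):
    """Return (source, method, fingerprint, verdict) for every accepted root login."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m or m["user"] != "root":
            continue  # not a successful login, or not root
        if m["method"] != "publickey":
            verdict = "ALERT: root login without a key"
        elif m["fp"] in known_keys:
            verdict = "ok: " + known_keys[m["fp"]]
        else:
            # Also reached when sshd logged no fingerprint at all (fp is None).
            verdict = "ALERT: unknown key"
        findings.append((m["src"], m["method"], m["fp"], verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_root_logins(SAMPLE_LOG, KNOWN_KEYS):
        print(finding)
```

The fingerprint to put in the allow-list can be read from the control node's public key with `ssh-keygen -lf <public key file>`.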