From f8f4e180f7447bd849dfd31adf0259ff2e014e49 Mon Sep 17 00:00:00 2001 From: Michael DeHaan Date: Sat, 15 Feb 2014 14:21:08 -0500 Subject: [PATCH] Add sudo note. --- docsite/rst/intro_adhoc.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docsite/rst/intro_adhoc.rst b/docsite/rst/intro_adhoc.rst index ba1033d061..9e2238615f 100644 --- a/docsite/rst/intro_adhoc.rst +++ b/docsite/rst/intro_adhoc.rst @@ -74,6 +74,14 @@ It is also possible to sudo to a user other than root using $ ansible atlanta -a "/usr/bin/foo" -u username -U otheruser [--ask-sudo-pass] +.. note:: + + Rarely, some users have security rules where they constrain their sudo environment to running specific command paths only. + This does not work with ansible's no-bootstrapping philosophy and hundreds of different modules. + If doing this, use Ansible from a special account that does not have this constraint. + One way of doing this without sharing access to unauthorized users would be gating Ansible with :doc:`tower`, which + can hold on to an SSH credential and let members of certain organizations use it on their behalf without having direct access. + Ok, so those are basics. If you didn't read about patterns and groups yet, go back and read :doc:`intro_patterns`. The ``-f 10`` in the above specifies the usage of 10 simultaneous