Ansible/Security: Difference between revisions

Security concerns when using Ansible.

ansible.cfg and world writable directories

If Ansible were to load :file:ansible.cfg from a world-writable current working directory, it would create a serious security risk. Another user could place their own config file there, designed to make Ansible run malicious code both locally and remotely, possibly with elevated privileges. For this reason, Ansible will not automatically load a config file from the current working directory if the directory is world-writable.

If you depend on using Ansible with a config file in the current working directory, the best way to avoid this problem is to restrict access to your Ansible directories to particular user(s) and/or group(s).

- https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings

Ansible Ansible is a Python library for managing IT and compute infrastructure. Ansible  · Category:Ansible Ansible Configuration Config file: Ansible/Configuration Secrets and Sensitive Info: Ansible/Security  · Ansible/Vaults Ansible Playbooks Basics: Ansible/Playbooks Examples: Ansible/Nginx Playbook (simple)  · Ansible/Full Stack Playbook (advanced) Ansible Hosts and Inventory Control All topics in Ansible Hosts: Ansible/Hosts Splitting large host files into subfiles: Ansible/Splitting Hosts File Automatically naming hosts: Ansible/Host Naming Grouping Hosts: Ansible/Groups Assigning Variables to Groups: Ansible/Group Variables Roles: Ansible/Roles Ansible and Vagrant (Local) Ansible/Vagrant  · Ansible/Vagrant/Static Inventory  · Ansible/Vagrant/Dynamic Inventory Ansible and EC2 (Cloud) Ansible/EC2  · Ansible/EC2/Static Inventory  · Ansible/EC2/Dynamic Inventory Best Practices Ansible/Directory Layout  · Ansible/Directory Layout/Details Ansible/Separate Playbooks by Role Ansible/Tag Inventory with Environment Ansible/Group by Distribution Ansible/Variables and Vaults Ansible Galaxy Ansible/Galaxy Flags  · Template:AnsibleFlag  · e