From 2c63f453be0d5d140bf19cbb62abce09befe6c69 Mon Sep 17 00:00:00 2001
From: Brian Coca <bcoca@users.noreply.github.com>
Date: Thu, 21 Feb 2019 14:21:28 -0500
Subject: [PATCH] add info about relative paths to config page (#51351)

* add info about relative paths to config page

* Update docs/templates/config.rst.j2

Co-Authored-By: bcoca <bcoca@users.noreply.github.com>

* escape the macro to show the macro

* break up long line, revise
---
 docs/templates/config.rst.j2 | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/docs/templates/config.rst.j2 b/docs/templates/config.rst.j2
index de86cade5e9..fd38f5172c3 100644
--- a/docs/templates/config.rst.j2
+++ b/docs/templates/config.rst.j2
@@ -46,7 +46,7 @@ Avoiding security risks with ``ansible.cfg`` in the current directory
 ---------------------------------------------------------------------
 
 
-If Ansible were to load :file:ansible.cfg from a world-writable current working
+If Ansible were to load ``ansible.cfg`` from a world-writable current working
 directory, it would create a serious security risk. Another user could place
 their own config file there, designed to make Ansible run malicious code both
 locally and remotely, possibly with elevated privileges. For this reason,
@@ -64,16 +64,28 @@ filesystem so the files and directories are readable and writable by the users
 and groups running Ansible but closed to others.  For more details on the
 correct settings, see:
 
-* for Vagrant, Jeremy Kendall's `blog post <http://jeremykendall.net/2013/08/09/vagrant-synced-folders-permissions/>`_ covers synced folder permissions. 
+* for Vagrant, Jeremy Kendall's `blog post <http://jeremykendall.net/2013/08/09/vagrant-synced-folders-permissions/>`_ covers synced folder permissions.
 * for WSL, the `WSL docs <https://docs.microsoft.com/en-us/windows/wsl/wsl-config#set-wsl-launch-settings>`_
   and this `Microsoft blog post <https://blogs.msdn.microsoft.com/commandline/2018/01/12/chmod-chown-wsl-improvements/>`_ cover mount options.
 
-If you absolutely depend on having the config live in a world-writable current
+If you absolutely depend on storing your Ansible config in a world-writable current
 working directory, you can explicitly specify the config file via the
 :envvar:`ANSIBLE_CONFIG` environment variable. Please take
 appropriate steps to mitigate the security concerns above before doing so.
 
 
+Relative paths for configuration
+--------------------------------
+
+You can specify a relative path for many configuration options. In most of
+those cases the path used will be relative to the ``ansible.cfg`` file used
+for the current execution. If you need a path relative to your current working
+directory (CWD) you can use the ``{%raw%}{{CWD}}{%endraw%}`` macro to specify
+it. We do not recommend this approach, as using your CWD as the root of
+relative paths can be a security risk. For example:
+``cd /tmp; secureinfo=./newrootpassword ansible-playbook ~/safestuff/change_root_pwd.yml``.
+
+
 Common Options
 ==============