cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

add info about relative paths to config page (#51351)

Browse source 
* add info about relative paths to config page

* Update docs/templates/config.rst.j2

Co-Authored-By: bcoca <bcoca@users.noreply.github.com>

* escape the macro to show the macro

* break up long line, revise
This commit is contained in:
Brian Coca 2019-02-21 14:21:28 -05:00 committed by Alicia Cozine
parent e6cc44200c
commit 2c63f453be
1 changed files with 15 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
docs/templates/config.rst.j2 vendored
View file

@ -46,7 +46,7 @@ Avoiding security risks with ``ansible.cfg`` in the current directory
--------------------------------------------------------------------- ---------------------------------------------------------------------
If Ansible were to load :file:ansible.cfg from a world-writable current working If Ansible were to load ``ansible.cfg`` from a world-writable current working
directory, it would create a serious security risk. Another user could place directory, it would create a serious security risk. Another user could place
their own config file there, designed to make Ansible run malicious code both their own config file there, designed to make Ansible run malicious code both
locally and remotely, possibly with elevated privileges. For this reason, locally and remotely, possibly with elevated privileges. For this reason,
@ -64,16 +64,28 @@ filesystem so the files and directories are readable and writable by the users
and groups running Ansible but closed to others. For more details on the and groups running Ansible but closed to others. For more details on the
correct settings, see: correct settings, see:
* for Vagrant, Jeremy Kendall's `blog post <http://jeremykendall.net/2013/08/09/vagrant-synced-folders-permissions/>`_ covers synced folder permissions. * for Vagrant, Jeremy Kendall's `blog post <http://jeremykendall.net/2013/08/09/vagrant-synced-folders-permissions/>`_ covers synced folder permissions.
* for WSL, the `WSL docs <https://docs.microsoft.com/en-us/windows/wsl/wsl-config#set-wsl-launch-settings>`_ * for WSL, the `WSL docs <https://docs.microsoft.com/en-us/windows/wsl/wsl-config#set-wsl-launch-settings>`_
and this `Microsoft blog post <https://blogs.msdn.microsoft.com/commandline/2018/01/12/chmod-chown-wsl-improvements/>`_ cover mount options. and this `Microsoft blog post <https://blogs.msdn.microsoft.com/commandline/2018/01/12/chmod-chown-wsl-improvements/>`_ cover mount options.
If you absolutely depend on having the config live in a world-writable current If you absolutely depend on storing your Ansible config in a world-writable current
working directory, you can explicitly specify the config file via the working directory, you can explicitly specify the config file via the
:envvar:`ANSIBLE_CONFIG` environment variable. Please take :envvar:`ANSIBLE_CONFIG` environment variable. Please take
appropriate steps to mitigate the security concerns above before doing so. appropriate steps to mitigate the security concerns above before doing so.
Relative paths for configuration
--------------------------------
You can specify a relative path for many configuration options. In most of
those cases the path used will be relative to the ``ansible.cfg`` file used
for the current execution. If you need a path relative to your current working
directory (CWD) you can use the ``{%raw%}{{CWD}}{%endraw%}`` macro to specify
it. We do not recommend this approach, as using your CWD as the root of
relative paths can be a security risk. For example:
``cd /tmp; secureinfo=./newrootpassword ansible-playbook ~/safestuff/change_root_pwd.yml``.
Common Options Common Options
============== ==============