archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

add info about relative paths to config page (#51351)

Browse Source 
* add info about relative paths to config page

* Update docs/templates/config.rst.j2

Co-Authored-By: bcoca <bcoca@users.noreply.github.com>

* escape the macro to show the macro

* break up long line, revise
pull/52746/head
Brian Coca 7 years ago committed by Alicia Cozine
parent e6cc44200c
commit 2c63f453be
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File

16
docs/templates/config.rst.j2 vendored
Unescape Escape View File

@ -46,7 +46,7 @@ Avoiding security risks with ``ansible.cfg`` in the current directory
--------------------------------------------------------------------- ---------------------------------------------------------------------
If Ansible were to load :file:ansible.cfg from a world-writable current working If Ansible were to load ``ansible.cfg`` from a world-writable current working
directory, it would create a serious security risk. Another user could place directory, it would create a serious security risk. Another user could place
their own config file there, designed to make Ansible run malicious code both their own config file there, designed to make Ansible run malicious code both
locally and remotely, possibly with elevated privileges. For this reason, locally and remotely, possibly with elevated privileges. For this reason,
@ -68,12 +68,24 @@ correct settings, see:
* for WSL, the `WSL docs <https://docs.microsoft.com/en-us/windows/wsl/wsl-config#set-wsl-launch-settings>`_ * for WSL, the `WSL docs <https://docs.microsoft.com/en-us/windows/wsl/wsl-config#set-wsl-launch-settings>`_
and this `Microsoft blog post <https://blogs.msdn.microsoft.com/commandline/2018/01/12/chmod-chown-wsl-improvements/>`_ cover mount options. and this `Microsoft blog post <https://blogs.msdn.microsoft.com/commandline/2018/01/12/chmod-chown-wsl-improvements/>`_ cover mount options.
If you absolutely depend on having the config live in a world-writable current If you absolutely depend on storing your Ansible config in a world-writable current
working directory, you can explicitly specify the config file via the working directory, you can explicitly specify the config file via the
:envvar:`ANSIBLE_CONFIG` environment variable. Please take :envvar:`ANSIBLE_CONFIG` environment variable. Please take
appropriate steps to mitigate the security concerns above before doing so. appropriate steps to mitigate the security concerns above before doing so.
Relative paths for configuration
--------------------------------
You can specify a relative path for many configuration options. In most of
those cases the path used will be relative to the ``ansible.cfg`` file used
for the current execution. If you need a path relative to your current working
directory (CWD) you can use the ``{%raw%}{{CWD}}{%endraw%}`` macro to specify
it. We do not recommend this approach, as using your CWD as the root of
relative paths can be a security risk. For example:
``cd /tmp; secureinfo=./newrootpassword ansible-playbook ~/safestuff/change_root_pwd.yml``.
Common Options Common Options
============== ==============

Write Preview
Loading…
Cancel
Save