Is it insecure to have an ansible user with passwordless sudo?

lonix asked:

I’m new to Ansible. Most VPS provisioning guides I’ve seen so far do this:

  1. disable root from logging in
  2. create a new user who can only log in with ssh (not password)
  3. add the new user to the wheel group, with passwordless sudo permission

I understand (1) and (2), but not (3).

Surely passwordless sudo is just like logging in as root? I understand the benefit (convenience), but isn’t this highly insecure?

I realise that admins run their networks in various ways, and so this could be said to be “subjective”, but this is a VERY common practice, it’s even shown in various official ansible docs as well as guides published by hosting companies. It goes against common sense. What is the logic behind it?

My answer:

If the service account can do passwordless sudo, then you have to protect access to that account.

Having the account not have a password, and using only ssh keys to log in to it, accomplishes this, provided you can keep the ssh private key secure as well.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.