How to allow only Ansible to run commands as sudo? - MFR-6

In `/etc/sudoers.d/` directory, create a new file with the following configuration: ``` Host_Alias TEST = srv1.example.com %<group> TEST = NOPASSWD: /bin/sh -c echo BECOME-SUCCESS-*, /usr/bin/sh -c echo BECOME-SUCCESS-* ``` It allows all users in group to run Ansible playbooks with `--become` flag on a TEST server. It works because each time Ansible runs the command on the server, it uses the following syntax: `sudo sh -c "echo BECOME-SUCCESS-<random_token>"` ### See also 1. [[How to list sudo privileges for specific user?]] 2. [[Ansible]]