What specific task needs sudo/root privilege's when nomad_user is not root?

Open saurabh-sp-tripathi opened this issue 3 years ago • 0 comments

I understand the nomad need to be start/restart as a 'root' user because many operation it runs, needs root privilege.

However as a system admin I would like to harden/limit the scope of 'sudo' access to specific tasks only. As far as I have analyzed the following will need sudo/become/root privilege's:

handlers/main.yml: restart nomad
tasks/main.yml: start nomad
file & template operations owned by root

Is there anything out of this list ? and Is there any cautions or recommendations?

ref: https://www.nomadproject.io/docs/install/production/requirements

Jan 03 '22 18:01 saurabh-sp-tripathi