I understand the nomad need to be start/restart as a 'root' user because many operation it runs, needs root privilege.
However as a system admin I would like to harden/limit the scope of 'sudo' access to specific tasks only. As far as I have analyzed the following will need sudo/become/root privilege's:
handlers/main.yml: restart nomad
tasks/main.yml: start nomad
file & template operations owned by root
Is there anything out of this list ? and Is there any cautions or recommendations?
I understand the nomad need to be start/restart as a 'root' user because many operation it runs, needs root privilege.
However as a system admin I would like to harden/limit the scope of 'sudo' access to specific tasks only. As far as I have analyzed the following will need sudo/become/root privilege's:
Is there anything out of this list ? and Is there any cautions or recommendations?
ref: https://www.nomadproject.io/docs/install/production/requirements