Main thing I am trying to do is to run the tests from an unprivileged user (a gui runs these tests) without giving away the keys to the castle if this user gets compromised.
Most of the tests shouldn't need root access and it should be best practice not to need it in the first place.
According to the generated config installed by the helper script, it should be possbile to disable sudo:
# Disable sudo
# set :disable_sudo, true
There is a section within the advanced tips area at: http://serverspec.org/advanced_tips.html - "How to control sudo", that lists the different options available to control sudo during the spec runs
