The user you connect as, and sudo to, are both seperately configurable.
On Wed, Oct 1, 2014 at 6:23 AM, Andreas Calvo <[email protected] > wrote: > Thanks! > > Having the same user to do the connection and run sudo does not seems a > good fit. > And SU is not an option since the password cannot be stored in the > inventory file. > > On Tuesday, September 30, 2014 7:36:40 PM UTC+2, tkuratomi wrote: >> >> On Tue, Sep 30, 2014 at 11:41 AM, Andreas Calvo >> <[email protected]> wrote: >> > Michael, >> > Sure! >> > >> > The goal is to be able to separate the user than connects to the server >> from >> > the user that runs privileged commands (even if using sudo). >> > If ssh user is different than sudo user, does it imply that sudo >> commands >> > will be executed as sudo --user? >> > >> >> Are you meaning like this? >> >> $ ansible localhost -a whoami >> localhost | success | rc=0 >> >> badger >> >> $ ansible localhost -a whoami -K --sudo >> sudo password: >> localhost | success | rc=0 >> >> root >> >> $ ansible localhost -a whoami -K --sudo -U testuser >> sudo password: >> localhost | success | rc=0 >> >> testuser >> >> In a playbook, that looks something like: >> >> $ cat test.yml >> - hosts: localhost >> sudo: yes >> tasks: >> - command: whoami >> register: output >> - debug: var=output >> >> $ ansible-playbook test.yml -K >> >> Docs for this are at: >> http://docs.ansible.com/playbooks_intro.html#hosts-and-users >> >> -Toshio >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/c8f6aca4-e755-4c93-99d7-e2bd2487b06b%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/c8f6aca4-e755-4c93-99d7-e2bd2487b06b%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwfSQ-CSa9K2DUj2AhAkyo635dgVqSn-vgsEyH38v1gQw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
