Yes, but as for the sudo limitation (or scope), the user connected is the one invoking the sudo commands (even if they will be run as a different user than root). So, at the end, and I might be a little paranoid here, the same user you're connecting will be invoking the sudo commands.
To the end, how's ansible invoking the sudo command when an alternative sudo user has been specified?

On Wednesday, October 1, 2014 2:15:42 PM UTC+2, Michael DeHaan wrote:
>
> The user you connect as, and sudo to, are both separately configurable.
>
> On Wed, Oct 1, 2014 at 6:23 AM, Andreas Calvo <[email protected]> wrote:
>
>> Thanks!
>>
>> Having the same user to do the connection and run sudo does not seem a
>> good fit.
>> And SU is not an option since the password cannot be stored in the
>> inventory file.
>>
>> On Tuesday, September 30, 2014 7:36:40 PM UTC+2, tkuratomi wrote:
>>>
>>> On Tue, Sep 30, 2014 at 11:41 AM, Andreas Calvo
>>> <[email protected]> wrote:
>>> > Michael,
>>> > Sure!
>>> >
>>> > The goal is to be able to separate the user that connects to the server from
>>> > the user that runs privileged commands (even if using sudo).
>>> > If ssh user is different than sudo user, does it imply that sudo commands
>>> > will be executed as sudo --user?
>>> >
>>>
>>> Are you meaning like this?
>>>
>>> $ ansible localhost -a whoami
>>> localhost | success | rc=0 >>
>>> badger
>>>
>>> $ ansible localhost -a whoami -K --sudo
>>> sudo password:
>>> localhost | success | rc=0 >>
>>> root
>>>
>>> $ ansible localhost -a whoami -K --sudo -U testuser
>>> sudo password:
>>> localhost | success | rc=0 >>
>>> testuser
>>>
>>> In a playbook, that looks something like:
>>>
>>> $ cat test.yml
>>> - hosts: localhost
>>>   sudo: yes
>>>   tasks:
>>>     - command: whoami
>>>       register: output
>>>     - debug: var=output
>>>
>>> $ ansible-playbook test.yml -K
>>>
>>> Docs for this are at:
>>> http://docs.ansible.com/playbooks_intro.html#hosts-and-users
>>>
>>> -Toshio
>>>
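The separation discussed in this thread, written out as a playbook with the Ansible 1.x keywords the thread uses (`remote_user`, `sudo`, `sudo_user`). This is an added example, not part of the original messages; the host group `appservers`, the login account `deploy` and the sudoers rule in the comments are assumptions made for illustration.

```yaml
# Constructed example: "appservers" and "deploy" are hypothetical names.
- hosts: appservers
  remote_user: deploy      # account used for the SSH connection
  sudo: yes                # run the play's tasks through sudo
  sudo_user: testuser      # sudo target for the play (CLI equivalent: -U testuser)
  tasks:
    - command: whoami      # expected to report testuser
      register: play_level
    - debug: var=play_level

    - command: whoami
      sudo_user: root      # per-task override of the play-level sudo target
      register: task_level
    - debug: var=task_level

# Assumed sudoers policy on the managed host (edit with visudo):
#   deploy ALL=(testuser) ALL
# With only this rule, deploy can run commands as testuser but not as root,
# so sudo refuses the second whoami task. The connecting user is still the
# one invoking sudo; the rule bounds which accounts it can become.
```

Run it with `ansible-playbook example.yml -K` so the sudo password for the connecting account is prompted for rather than stored in the inventory.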
