Thanks for your reply, taking the first example,
first example
=========
logs in as *foo *and runs command as bar (uses foo's privlege to sudo to
bar)
*ansible_ssh_user=fooansible_sudo_user=bar*
ansible server server1
--------------------- -----------
foo --> ssh --> foo
bar
The Ansible session is initiated on the Ansible server as user *root*. * (
or should I use foo ? )*
Ansible uses user *foo *for the SSH session between the Ansible server and
the remote server, server1
On server1, user *foo *is given access to run commands as user bar via the
*/etc/suders* file
/etc/sudoers
-----------------------------------------------
foo ALL=(bar) NOPASSWD: ALL
Second example
============
logs in as *foo *and runs commands as foo user (this is actually a sudo
noop)
*ansible_ssh_user=fooansible_sudo_user=foo*
ansible server server1
--------------------- -----------
foo --> ssh --> foo
The Ansible session is initiated on the Ansible server as user root.
Ansible uses user *foo *for the SSH session between the Ansible server and
the remote server, server1
On server1, user *foo *runs commands on server1
No changed to the */etc/suders* file are required.
Third example
==========
logs in as *foo *and runs commands as root user (for this you need to
modify the sudoers)
*ansible_ssh_user=fooansible_sudo_user=root*
ansible server server1
--------------------- -----------
foo --> ssh --> foo
root
The Ansible session is initiated on the Ansible server as user *root*.
Ansible uses user foo for the SSH session between the Ansible server and
the remote server, server1
On server1, user foo runs commands on server1 as the root user.
/etc/sudoers
-----------------------------------------------
foo ALL=(ALL) NOPASSWD: ALL
Do I have this right now?
Is this documented anywhere. I have looked for something like this but can
not find it.
Thank you.
On Friday, 16 January 2015 16:26:28 UTC, Brian Coca wrote:
>
> No, sudo_user is not the user allowed to sudo, but the user you are
> allowed to sudo as.
>
> logs in as foo and runs command as bar (uses foo's privlege to sudo to
> bar)
> ansible_ssh_user=foo
> ansible_sudo_user=bar
>
> logs in as foo and runs commands as foo user (this is actually a sudo
> noop)
> ansible_ssh_user=foo
> ansible_sudo_user=foo
>
> logs in as foo and runs commands as root user (for this you need to
> modify the sudoers)
> ansible_ssh_user=foo
> ansible_sudo_user=root
>
> ----
> Brian Coca
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/297fde63-7e8c-49bc-b857-05912a3e73ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
