ansible cannot chain privilege escalation methods, it can either use pbrun or su, but not both. pbrun should be able to allow you to execute all commands as a user w/o needing su.
On Wed, May 27, 2015 at 1:19 PM, Aneesh Joseph <[email protected]> wrote: > I'm trying to find the equivalent of > > > ansible dev -a "/opt/pb/bin/pbrun su tomcat -c echo hi" -u aneesh > > > > > (this works) > > I tried with > > ansible dev -a "echo hi" -u aneesh > --become-user=tomcat--become-method=pbrun -b > > > > but it gave me the response > > "failed": true, > "msg": "/bin/sh: pbrun: command not found\r\nOpenSSH_5.3p1, OpenSSL > 1.0.1e-fips 11 Feb 2013\ndebug1: Reading configuration data > /etc/ssh/ssh_config\r\ndebug1: Applying options for *\r\ndebug1: auto-mux: > Trying existing master\r\ndebug1: mux_client_request_session: master session > id:................ > > > so I moved pbrun on the dev host to /bin/pbrun > > and now it shows the error > > "failed": true, > "msg": "usage: pbrun [-D level] -h | -K | -k | -V\r\nusage: pbrun -v > [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-u user\r\n > name|#uid]\r\nusage: pbrun -l[l] [-AknS] [-D level] [-g groupname|#gid] [-p > prompt] [-U user\r\n name] [-u user name|#uid] [-g > groupname|#gid] [command]\r\n....... > > > Any idea how I can get this working? > > > basically this is what I'm trying to do : > > ansible@ansible>ssh aneesh@dev > aneesh@dev. pbrun su tomcat > tomcat@dev> echo hi > > Thanks, > Aneesh > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/fd5bd3d8-a734-41e1-8345-bec23c94a0e7%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- Brian Coca -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3DJRtRL9u8OH1cPdv779mww6u6Umvr1U%3D04cV9U9ctqtA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
