Hi Neil, 

From the debug output, it's trying to connect as nruser:
debug1: Reading configuration data /Users/nrser/.ssh/config

Do you know where you have specified that ansible should connect as nruser?

Joanna

On Thursday, September 24, 2015 at 10:58:36 AM UTC-5, nrser wrote:
>
> hey, i'm having issues with privilege escalation on OSX (all machines at 
> version 10.10 with ansible ):
>
> we are using ansible to help manage our workstations, and when i execute 
> playbooks locally using ansible_connection=local on the target as the 
> user (josh in this case), tasks with sudo: true work fine
>
> when executing from my machine any sudo tasks fail with permissions errors.
>
> i'm using an inventory line like
>
> josh ansible_ssh_host=Joshs-MacBook-Pro.local ansible_ssh_user=sysadmin ansible_become_user=josh
>
> Josh's machine has a sysadmin user that i can log into using my ssh key 
> that is part of the admin group and has 
>
> sysadmin ALL=(ALL) NOPASSWD:ALL
>
> in the /etc/sudoers file. the josh user is also in admin and has "no 
> password" setup in sudoers.
>
> when executing from my machine, i get errors like
>
> failed: [josh] => {"failed": true, "parsed": false}
> BECOME-SUCCESS-bcpvkbjdbokqphwizmnpqwllqehnwiyh
> Traceback (most recent call last):
>   File "/tmp/ansible-tmp-1443108894.49-142723340060191/lineinfile", line 2217, in <module>
>     main()
>   File "/tmp/ansible-tmp-1443108894.49-142723340060191/lineinfile", line 394, in main
>     ins_aft, ins_bef, create, backup, backrefs)
>   File "/tmp/ansible-tmp-1443108894.49-142723340060191/lineinfile", line 201, in present
>     f = open(dest, 'rb')
> IOError: [Errno 13] Permission denied: '/etc/sudoers'
> OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
> debug1: Reading configuration data /Users/nrser/.ssh/config
> debug1: Reading configuration data /etc/ssh_config
> debug1: /etc/ssh_config line 20: Applying options for *
> debug1: /etc/ssh_config line 53: Applying options for *
> debug1: auto-mux: Trying existing master
> debug1: mux_client_request_session: master session id: 2
> Shared connection to Joshs-MacBook-Pro.local closed.
>
>
> FATAL: all hosts have already failed -- aborting
>
> i also get errors when trying anything with sudo or become_user, not just 
> touching /etc/sudoers.
>
> all the users involved have no-password sudo permissions... i don't 
> understand why they can't escalate.
>
> anyone have any info / ideas / suggestions?
>
> thanks, Neil.
>
>
