I have this as part of my "set node up for ansible" playbook.
- name: Special for osmc. Make sure secure_path is honored
file: path=/etc/sudoers.d/osmc-no-secure-path state=absent
For more info look here:
https://discourse.osmc.tv/t/system-path-broken-when-running-a-non-interactive-sudo-command/4167/6
Worked for me so far and I don't have to set env vars during apt tasks
(useful because I don't want to alter my site-yml playbook for just the
osmc node).
On Tuesday, 6 October 2015 21:43:52 UTC+2, Alastair Brayne wrote:
>
> Did you find a solution to this by any chance?
>
> I've got exactly the same problem and am beginning to get mighty pissed
> at the amount of useless yak-shaving that isn't even working.
>
> No matter what I try, it looks like the secure_path in the sudoers file
> is ignored somewhere down the call stack.
>
> I did find this reference: https://wiki.debian.org/sudo#PATH_not_set.
> But, I don't seem to have any other sudoers file and this isn't an upgrade.
>
> Completely stumped and reaching the end of my patience with this
> (been at this one issue for literally a week now)
>
> Any help HUGELY appreciated
>
> Thanks
> Alastair
>
> On Thursday, 14 May 2015 13:27:28 UTC+1, Alex Peters wrote:
>>
>> I tried running this very verbose command:
>>
>> ansible -vvv -m setup XXX
>>
>>
>> which caused the following to be output (among other things):
>>
>> <XXX> EXEC sshpass -d6 ssh -C -tt -v -o ControlMaster=auto -o
>> ControlPersist=60s -o ControlPath=".../.ansible/cp/ansible-ssh-%h-%p-%r" -o
>> GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=osmc -o
>> ConnectTimeout=10 XXX /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via
>> ansible, key=xidpkckjjfdcsgiewleebdlstyiyzpad] password: " -u root /bin/sh
>> -c '"'"'echo BECOME-SUCCESS-xidpkckjjfdcsgiewleebdlstyiyzpad; LANG=C
>> LC_CTYPE=C /usr/bin/python
>> /home/osmc/.ansible/tmp/ansible-tmp-1431605612.35-230680545785241/setup; rm
>> -rf /home/osmc/.ansible/tmp/ansible-tmp-1431605612.35-230680545785241/
>> >/dev/null 2>&1'"'"''
>>
>>
>> which prompted me to cut out Ansible altogether and just try this:
>>
>> $ ssh osmc@XXX /bin/sh -c '"echo $PATH"'
>> OSMC: Open Source Media Center
>> osmc@XXX's password:
>> /usr/local/bin:/usr/bin:/bin:/usr/games
>>
>>
>> $ ssh osmc@XXX /usr/bin/sudo -u root /bin/sh -c '"echo $PATH"'
>> OSMC: Open Source Media Center
>> osmc@XXX's password:
>> /usr/local/bin:/usr/bin:/bin:/usr/games
>>
>>
>> which is a very different PATH to when I log in interactively:
>>
>> $ ssh osmc@XXX
>> OSMC: Open Source Media Center
>> osmc@XXX's password:
>> osmc@XXX:~$ echo $PATH
>>
>> /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/sbin:/usr/sbin:/opt/vc/bin
>> osmc@XXX:~$ sudo echo $PATH
>>
>> /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/sbin:/usr/sbin:/opt/vc/bin
>>
>>
>> So on the bright side, it doesn't seem to be an Ansible problem after
>> all, which means it's probably out of scope for this discussion group.
>> Time to read up on the differences between interactive, non-interactive,
>> login and non-login bashsessions, it seems...
>>
>> Thanks anyway for all of your attention to this point. I'm sorry to have
>> wasted your time.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/87970eab-35f4-4ec5-8cbf-6ba541d7b849%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
