It does have sudo access, but it is restricted; namely, it cannot use exec
*/bin/sh*.
So if I do:
*napicella@localhost > ssh blablahost*
*napicella@blalahost> sudo cp /tmp/a > /etc/yum.repos.d/a *
This works as expected; what does not work is:
*napicella@blalahost> sudo /bin/bash -c 'cp /tmp/a > /etc/yum.repos.d/a'*
*Sorry user napicella is not allowed to execute /bin/bash .....*
which appears to be exactly what Ansible does when the *become* property is
set in the playbook task.
On Friday, 28 September 2018 20:32:25 UTC+3, Karthik Chandrashekar wrote:
>
> Well, has that user been given sudo rights on the remote machine? If so,
> could you check whether you are able to log in as that user and execute
> the same task manually without Ansible?
>
> On Friday, September 28, 2018 at 10:58:44 PM UTC+5:30, Nicola Apicella
> wrote:
>>
>> I am running the playbook without specifying a user:
>>
>>
>> *ansible-playbook --ask-become-pass -vvv test-playbook*
>> Running the command with the -u flag does not change the error:
>>
>> *ansible-playbook -u napicella --ask-become-pass -vvv test-playbook*
>>
>> where *napicella* is a user on both the local machine and the remote one.
>>
>> On Friday, 28 September 2018 20:08:28 UTC+3, Karthik Chandrashekar wrote:
>>>
>>> What is the username you are trying to connect as?
>>>
>>> On Friday, September 28, 2018 at 10:06:32 PM UTC+5:30, Nicola Apicella
>>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I am sorry for the newbie question. I've just started looking into
>>>> Ansible, but I did not find any info in the docs or anywhere else that
>>>> could help me find a resolution.
>>>> I have a bunch of hosts on which I have sudo access.
>>>> *>sudo whoami*
>>>> *root*
>>>>
>>>> But I do not have permission to run
>>>> *> sudo /bin/sh -c echo "Hello!"*
>>>> *Sorry, user some-user is not allowed to execute '/bin/sh -c echo Hello world' as root on blabahost.*
>>>>
>>>> This is blocking me from executing a simple playbook which copies files
>>>> under */etc/yum.repos.d*
>>>> The playbook looks like this:
>>>>
>>>> ---
>>>> - name: test-pl
>>>>   hosts: blablahost
>>>>
>>>>   tasks:
>>>>     - name: test
>>>>       become: yes
>>>>       become_method: sudo
>>>>       copy:
>>>>         content: ""
>>>>         dest: /etc/yum.repos.d/a
>>>>         force: no
>>>>         group: root
>>>>         owner: root
>>>>         mode: 0555
>>>>
>>>> The error I get is basically the same one mentioned above. My user is
>>>> not allowed to execute */bin/sh* as root.
>>>>
>>>> blablahost | FAILED! => {
>>>>     "changed": false,
>>>>     "module_stderr": "Shared connection to blablahost closed.\r\n",
>>>>     "module_stdout": "\r\nSorry, user some-user is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS-rhzefxcamynrooqcpyqppdiqvzlqbmyt; /usr/bin/python /home/some-user/.ansible/tmp/ansible-tmp-1538151353.33-57836367165837/command.py' as root on blablahost.\r\n",
>>>>     "msg": "MODULE FAILURE",
>>>>     "rc": 1
>>>> }
>>>>
>>>> The problem could be fixed if Ansible allowed starting bash as a
>>>> normal user and then running the copy command with *sudo*.
>>>> Basically, avoiding executing */bin/sh* as root.
>>>> Are you aware of a workaround for this case? Or am I missing something?
>>>>
>>>>
>>>> Thanks in advance.
>>>> -Nicola
>>>>
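
The failure reported in this thread can be recognized mechanically from the task result. The following is an added example, not part of the original messages and not Ansible's own code: it parses sudo's denial line out of `module_stdout` and reports whether the rejected command is a `<shell> -c` wrapper carrying the BECOME-SUCCESS marker. The function name `diagnose_become_failure` and the sample dictionaries are assumptions made for illustration; the first sample reuses the output quoted above.

```python
import os
import re

# sudo's denial line, in the form quoted in the thread's module_stdout.
DENIED = re.compile(
    r"Sorry, user (?P<user>\S+) is not allowed to execute "
    r"'(?P<command>.+)' as (?P<runas>\S+) on (?P<host>\S+)"
)
# Marker echoed by the become wrapper, as seen in the quoted output.
BECOME_MARKER = re.compile(r"BECOME-SUCCESS-[a-z]+")
SHELLS = {"sh", "bash", "dash", "ksh", "zsh"}


def diagnose_become_failure(result):
    """Return details of a sudoers denial found in a task result, else None."""
    # Fold \r\n and any line wrapping into single spaces before matching.
    text = " ".join(result.get("module_stdout", "").split())
    match = DENIED.search(text)
    if match is None:
        return None
    finding = match.groupdict()
    finding["host"] = finding["host"].rstrip(".")
    argv = finding["command"].split()
    finding["binary"] = argv[0]
    # True when sudo was asked to run "<shell> -c ...", not a single command.
    finding["shell_wrapper"] = (
        os.path.basename(argv[0]) in SHELLS and argv[1:2] == ["-c"]
    )
    # True when the rejected command carries the become marker.
    finding["become_wrapper"] = bool(BECOME_MARKER.search(finding["command"]))
    return finding


# Constructed samples: the first reuses the output quoted in the thread.
ANSIBLE_RESULT = {
    "changed": False,
    "module_stderr": "Shared connection to blablahost closed.\r\n",
    "module_stdout": "\r\nSorry, user some-user is not allowed to execute "
    "'/bin/sh -c echo BECOME-SUCCESS-rhzefxcamynrooqcpyqppdiqvzlqbmyt; "
    "/usr/bin/python /home/some-user/.ansible/tmp/"
    "ansible-tmp-1538151353.33-57836367165837/command.py' "
    "as root on blablahost.\r\n",
    "msg": "MODULE FAILURE",
    "rc": 1,
}
UNRELATED_RESULT = {"module_stdout": "Traceback (most recent call last):\r\n", "rc": 1}

if __name__ == "__main__":
    print(diagnose_become_failure(ANSIBLE_RESULT))
    print(diagnose_become_failure(UNRELATED_RESULT))
```

A finding with both `shell_wrapper` and `become_wrapper` set means the sudoers policy rejected the shell itself, which is the situation described in the thread, rather than the module's own action.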