Ansible Privilege Escalation


Mona Gopal

Jul 15, 2015, 6:38:51 AM
to ansible...@googlegroups.com

Hello Everyone,

Below is a play that I have written to execute the task as a sudo user.

  - name: Testing the sudo user concept in this play
    hosts: all
    # user: ved
    become: yes
    become_method: su
    become_pass: root_123

    tasks:
      - name: edits the contents of the file this task will execute only as a root user
        lineinfile: dest=/root/sample.txt state=present insertafter='EOF' line='GAURAV' regexp='MONA'
        # become: yes
        # become_method: su
        # become_pass: root_123


The problem:

The "become_pass" does not work in case of a play, but works fine in case of a task.
Could anyone help me out with this?
Our task is to run the playbook on click of a button in GUI, so we cannot go by the method of prompting for password.
And also to mention, we have multiple tasks to be executed and hence want to apply the become_pass for a play and just a task (like I mentioned, in case of a task it works fine).

Thanks in advance,
Mona G

Brian Coca

Jul 18, 2015, 4:17:09 PM
to ansible...@googlegroups.com
What version of Ansible?

I just removed this in 2.0 as I thought it was an oversight (I cringed
at passwords embedded in playbooks), but I will reconsider if a good
case can be made for the feature.


--
Brian Coca

Alex Leonhardt

Jul 18, 2015, 6:14:21 PM
to ansible...@googlegroups.com
Hi, you could use Vault instead of using plain text ROOT passwords. That's extremely dangerous...

IMHO, there's never a need to set it in a file, other than in Vault which is encrypted, of course ;) ... Just my thoughts.

Alex
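
The Vault suggestion above applied to the play from the question, as an added example that is not part of the original thread: the password lives in an Ansible Vault file and reaches the play through the `ansible_become_pass` variable, so nothing has to be prompted for. The file names, the placeholder value and the vault password file path are assumptions, and the example has not been checked against Ansible 1.9.2 specifically.

```yaml
# secrets.yml (hypothetical file name). Create it with
#   ansible-vault create secrets.yml
# so it is only ever stored encrypted on disk; the line below is what you
# type into the editor. The value is a constructed placeholder.
ansible_become_pass: "REPLACE_WITH_ROOT_PASSWORD"
---
# playbook.yml (hypothetical file name): the play from the question, with the
# become_pass line removed and the password loaded from the vaulted file.
- name: Testing the sudo user concept in this play
  hosts: all
  become: yes
  become_method: su
  vars_files:
    - secrets.yml          # decrypted in memory at run time
  tasks:
    - name: edits the contents of the file this task will execute only as a root user
      lineinfile: dest=/root/sample.txt state=present insertafter='EOF' line='GAURAV' regexp='MONA'

# Non-interactive run, e.g. started by a GUI backend. The path is an
# assumption; keep the file outside the repository and readable only by
# the account that runs Ansible.
#   ansible-playbook playbook.yml --vault-password-file /path/to/vault_pass.txt
```

The secret that remains on disk is the vault password file, so its permissions and location are what need protecting.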




Mona Gopal

Jul 20, 2015, 12:00:44 AM
to ansible...@googlegroups.com
I'm currently using ansible 1.9.2