sudo privileges are not working


Shivakumar Venkataswamy

Jun 14, 2022, 3:16:27 AM
to Ansible Project
Hi team,
Look at my playbook:
---
-  hosts: all
   become: true
   become_user: ansible
   tasks:
   - name: add a user to the list of AllowUsers if not present
     vars:
       usernames:
          - shivakumar.venkataswamy
          - karthik.reddy
          - aman.saxena
     lineinfile:
       path: /etc/ssh/sshd_config
       backrefs: yes
       backup: yes
       state: absent
       regexp: '^AllowUsers((?:(?:\s+\S+(?!\S))(?<!\s{{ usernames }}))+\s*?)(\n?)$'
       line: 'AllowUsers\1 shivakumar.venkataswamy karthik.reddy aman.saxena\2'
       validate: /usr/sbin/sshd -t -f %s

I'm facing the below error:
SSH password:
BECOME password[defaults to SSH password]:

PLAY [all] *********************************************************************12:45:29

TASK [Gathering Facts] *********************************************************12:45:29
ok: [172.16.13.254]

TASK [add a user to the list of AllowUsers if not present] *********************12:45:31
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: IOError: [Errno 13] Permission denied: '/etc/ssh/sshd_config'
fatal: [172.16.13.254]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 172.16.13.254 closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", line 102, in <module>\r\n _ansiballz_main()\r\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", line 94, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", line 40, in invoke_module\r\n runpy.run_module(mod_name='ansible.modules.files.lineinfile', init_globals=None, run_name='__main__', alter_sys=True)\r\n File \"/usr/lib64/python2.7…

PLAY RECAP *********************************************************************12:45:32
172.16.13.254 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

Stefan Hornburg (Racke)

Jun 14, 2022, 3:46:48 AM
to ansible...@googlegroups.com
On 14/06/2022 09:16, 'Shivakumar Venkataswamy' via Ansible Project wrote:
> Hi team,
>  look at my playbook
> ---
> -  hosts: all
>    become: true
>    become_user: ansible
>    tasks:
>    - name: add a user to the list of AllowUsers if not present
>      vars:
>        usernames:
>           - shivakumar.venkataswamy
>           - karthik.reddy
>           - aman.saxena
>      lineinfile:
>        path: /etc/ssh/sshd_config
>        backrefs: yes
>        backup: yes
>        state: absent
>        regexp: '^AllowUsers((?:(?:\s+\S+(?!\S))(?<!\s{{ usernames }}))+\s*?)(\n?)$'
>        line: 'AllowUsers\1 shivakumar.venkataswamy karthik.reddy aman.saxena\2'
>        validate: /usr/sbin/sshd -t -f %s
>
Permission denied: '/etc/ssh/sshd_config'

The ansible user can't edit the file, so try "become_user: root" in your task.

Regards
Racke



--
Automation expert - Ansible and friends
Linux administrator & Debian maintainer
Perl Dancer & conference hopper
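
A playbook along the lines Racke suggests, added here as an example and not the poster's or the Ansible project's own code: the escalation target is root rather than the login account, the merge of existing and wanted AllowUsers entries is done in Jinja instead of a backreference regex, and sshd -t validates the file before it is written. It assumes the login account "ansible" has sudo rights on the target and that the SSH service is named sshd (on Debian-based hosts it is "ssh").

```yaml
---
# Added example, not the original poster's playbook.
# Assumption: the SSH login user "ansible" is allowed to sudo to root.
- hosts: all
  become: true          # escalate with sudo (the default become_method)
  become_user: root     # the account to escalate TO, not the login account
  vars:
    usernames:
      - shivakumar.venkataswamy
      - karthik.reddy
      - aman.saxena
  tasks:
    - name: Read the current AllowUsers line, if there is one
      ansible.builtin.command: grep -E '^AllowUsers\s' /etc/ssh/sshd_config
      register: current_allow
      changed_when: false
      check_mode: false
      # grep exits 1 when nothing matches; only treat other codes as failures
      failed_when: current_allow.rc not in [0, 1]

    - name: Merge the users already listed with the wanted ones (order kept, no duplicates)
      ansible.builtin.set_fact:
        allow_users: "{{ ((current_allow.stdout | default('')).split()[1:] + usernames) | unique }}"

    - name: Ensure AllowUsers contains the merged list
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^AllowUsers\s'
        line: "AllowUsers {{ allow_users | join(' ') }}"
        backup: yes
        # refuse to write a config that sshd itself will not accept
        validate: /usr/sbin/sshd -t -f %s
      notify: reload sshd

  handlers:
    - name: reload sshd
      ansible.builtin.service:
        name: sshd          # assumption: service name; "ssh" on Debian/Ubuntu
        state: reloaded
```

Run it with `ansible-playbook -i inventory site.yml -u ansible -k -K` so the SSH and sudo passwords are prompted for, as in the original run.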


Shivakumar Venkataswamy

Jun 14, 2022, 4:21:14 AM
to Ansible Project
ansible is a user account we created and a member of sudoers (/etc/sudoers) with full privileges, same as root.

Stefan Hornburg (Racke)

Jun 14, 2022, 4:44:33 AM
to ansible...@googlegroups.com
On 14/06/2022 10:21, 'Shivakumar Venkataswamy' via Ansible Project wrote:
> ansible is a user account we created and a member of sudoers (/etc/sudoers) with full privileges, same as root.
>
IMHO the privileges are only the same when using the "sudo" command.

Regards
Racke

Shivakumar Venkataswamy

Jun 14, 2022, 6:20:05 AM
to Ansible Project
What is meant by IMHO?

How can I execute all commands through the playbook as a normal user with root access?

Shivakumar Venkataswamy

Jun 14, 2022, 6:32:43 AM
to Ansible Project
Hi team,
Can we connect through Google Meet or Zoom?
It is giving me more trouble. I hope you guys can easily catch up on that.

Regards,
shivu 

Dick Visser

Jun 14, 2022, 7:27:59 AM
to ansible...@googlegroups.com
On Tue, 14 Jun 2022 at 12:20, 'Shivakumar Venkataswamy' via Ansible Project <ansible...@googlegroups.com> wrote:
> What is meant by IMHO?
>
> How can I execute all commands through the playbook as a normal user with root access?


You don't seem to understand the concept of privilege escalation.
Hopefully this will be enough to help you:



--
Sent from Gmail Mobile

S Bauer-Lee

Jun 14, 2022, 7:57:56 AM
to ansible...@googlegroups.com
The user 'ansible' runs the playbook. The user 'ansible' has sudo privilege as 'root'.
In the playbook, the 'become_user' is 'root'.

Read the docs pertaining to sudo.
Ansible doesn't use it directly. 

David Logan

Jun 14, 2022, 10:34:56 AM
to Ansible Project
Hi,

Does the user "ansible" have write permissions on /etc/ssh/sshd_config?

Regards
David

When in trouble, or in doubt
Run in circles, scream and shout