become_user for a given task is not honored when I run shells or scripts on nodes


Gary Collins

Mar 23, 2018, 1:54:13 PM
to Ansible Project

In my real playbook, I need to add a new user, myuser, then install Homebrew for that user.

The command line I run is below.

uadmin is the only user initially configured on the machine given to me.

When I run the below, it installs Homebrew for uadmin and not as mach5-one.

If I run each part of my real playbook from the command line, as uadmin to install the user, then as myuser for everything else, it installs Homebrew as myuser. But that defeats the one play to install all parts and defining who to run things as.

I must be missing something really simple. If I add become: yes then I get permission issues:

Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: /tmp/ansible-tmp-1521827588.02-202609912949198/: Operation not permitted
chown: /tmp/ansible-tmp-1521827588.02-202609912949198/stat.py: Operation not permitted
}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user


Thanks for any help,

Gary


ansible-playbook -u uadmin -k -K -i hosts myhost some.yml --tags homebrew2

some.yml

---
# Entire Playbook
- hosts: all
  roles:
    - { role: homebrew2, become_user: myuser}

roles/homebrew2/tasks/main.yml

---
- name: Check if Homebrew is already installed
  stat:
    path: /usr/local/bin/brew
  register: b
  tags: homebrew2

- name: Install Homebrew
  script: install-homebrew.sh
  when: not b.stat.exists
  tags: homebrew2

roles/homebrew2/files/install-homebrew.sh

#!/bin/bash
yes | /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"




Brian Coca

Mar 23, 2018, 1:59:15 PM
to Ansible Project
You set become_user, but you don't enable become itself? Try adding become: yes.


--
----------
Brian Coca

Gary Collins

Mar 23, 2018, 3:29:47 PM
to Ansible Project

If I add become: yes then I get permission issues:

Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: /tmp/ansible-tmp-1521827588.02-202609912949198/: Operation not permitted
chown: /tmp/ansible-tmp-1521827588.02-202609912949198/stat.py: Operation not permitted
}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user



Kai Stian Olstad

Mar 23, 2018, 3:50:29 PM
to ansible...@googlegroups.com
On Friday, 23 March 2018 20.29.47 CET Gary Collins wrote:
>
> if I add become: yes then I get permission issues
>
> Failed to set permissions on the temporary files Ansible needs to create
> when becoming an unprivileged user (rc: 1, err: chown:
> /tmp/ansible-tmp-1521827588.02-202609912949198/: Operation not permitted
>
> chown: /tmp/ansible-tmp-1521827588.02-202609912949198/stat.py: Operation
> not permitted
>
> }). For information on working around this, see
> https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user

Have you read the error message and done what it says?

--
Kai Stian Olstad

Gary Collins

Mar 23, 2018, 4:55:40 PM
to Ansible Project

Gary Collins

Mar 23, 2018, 4:59:25 PM
to Ansible Project
The only way I see to get it to work is to set allow_world_readable_tmpfiles in the ansible.cfg.
This seems like a messy solution. It returns the following warning:

 [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user

Seems kind of a hack solution. If I broke up the add user into one playbook, then ran using uadmin to add the user, then the rest of the playbook in another and ran it as myuser, then all is well. But that defeats the become_user defined in the code.


On Friday, March 23, 2018 at 12:50:29 PM UTC-7, Kai Stian Olstad wrote:
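
The warning quoted above is about file modes: with allow_world_readable_tmpfiles, the module files under /tmp/ansible-tmp-* are readable by every local account on the managed host. As an added example (not part of the original thread and not Ansible's own code), this shell function lists such files so the exposure can be checked on a host; the function name and the assumed directory layout are illustrative.

```shell
#!/bin/sh
# Added example: list Ansible remote temp files that any local account can read.
# world_readable_ansible_tmp is a hypothetical helper name, not an Ansible command.
# Assumption: temp directories are named ansible-tmp-* directly under BASE_DIR,
# as in the /tmp/ansible-tmp-... paths quoted in this thread.
#
# Usage: world_readable_ansible_tmp [BASE_DIR]      (default: /tmp)
# Prints one exposed file per line.
# Returns 0 if nothing is exposed, 1 if something is, 2 if BASE_DIR is not a directory.
world_readable_ansible_tmp() {
    base="${1:-/tmp}"
    if [ ! -d "$base" ]; then
        echo "not a directory: $base" >&2
        return 2
    fi

    found=0
    for dir in "$base"/ansible-tmp-*; do
        # Skip an unmatched glob, non-directories and symlinks.
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then
            continue
        fi
        # Without the "other" search bit on the directory, other accounts
        # cannot reach the files inside, whatever the files' own modes are.
        if [ -z "$(find "$dir" -maxdepth 0 -perm -001 2>/dev/null)" ]; then
            continue
        fi
        # Files directly inside that carry the "other" read bit.
        hits=$(find "$dir" -maxdepth 1 -type f -perm -004 2>/dev/null)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return "$found"
}
```

Ansible normally removes these directories when a task finishes, so the check is meaningful while a play is running or for directories left behind.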