Switching User Confusion

[James Goodhouse]

I'm struggling getting Ansible to run commands under the proper user and I have a feeling it's due to my misunderstanding of how things are working.

For example, I'm provisioning a vagrant box, and in my inventory file I have declared ansible_ssh_user=vagrant as well as ansible_ssh_private_key to use vagrant insecure_private_key. All has been working fine, but for a particular command (synchronize) I want it to run as a different user altogether. I only seem to be able to run commands as the vagrant user or as root. The user I want to run the command as does not have a ssh key nor does it have sudo privileges.

Am I doing things all backwards or missing something simple here?

Thanks so much in advance!

James

[Erik Anderson]

The user you're running ansible as needs to have privileges to run commands as your target user. In your use case, this is likely taken care of if you're using one of the standard vagrant boxes.

If you need to override the default sudo user for a command, you can do this:

- name: run this command as the foo user
  sudo_user: foo
  command: /path/to/command

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c19db496-929f-4dd5-b0d2-2d1a44d02901%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[James Tanner]

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CADdM08qUe2Teg-HXWvj5UC_fBxiXHL%3DBwNQ7UsXXrGDmX4UyEw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Synchronize is a very special module in this context. It tries to be "smart" about determining the remote user based on an order of preference and other factors such as sudo.

Could you show us the inventory file, the playbook and the ansible-playbook -vvvv output ?

Setting "remote_user: bob" on the synchronize task may fix it, but I'd really need to see what you have first to be sure.

[James Goodhouse]

What happens if I want to run a command on the server as a user that has no sudo privileges?

[Erik Anderson]

On Tue, Mar 11, 2014 at 10:56 PM, James Goodhouse <jamg...@gmail.com> wrote:

What happens if I want to run a command on the server as a user that has no sudo privileges?

You're not telling ansible to connect as that user *and then* sudo. Rather, you're telling ansible to use the vagrant user (as always), and then issue something equivalent to this:

$ sudo -u foo /path/to/command

This runs the specified command as "foo".

-Erik

[James Goodhouse]

I believe my issue was just a misunderstanding overall of rsync, so I'll hold off on posting the stuff you asked about. Thank you for your help!