Sorry, user xxxxx is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS

[Juan Roman]

Sorry is this has been posted and answered by I find nothing while searching. I'm attempting to connect to my AIX server but can't sudo.

Here's my sudo setup.

xxxxx          ALL=(ALL) /usr/bin/su -,/usr/bin/su -




GATHERING FACTS ***************************************************************
<aixserver.com> ESTABLISH CONNECTION FOR USER: userXX
<aixserver.com> REMOTE_MODULE setup CHECKMODE=True
<aixserver.com> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/userXX/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 aixserver.com /bin/sh -c 'mkdir -p /tmp/ansible-tmp-1457568234.68-267839190034318 && chmod a+rx /tmp/ansible-tmp-1457568234.68-267839190034318 && echo /tmp/ansible-tmp-1457568234.68-267839190034318'
<aixserver.com> PUT /tmp/tmpMNXTOm TO /tmp/ansible-tmp-1457568234.68-267839190034318/setup
<aixserver.com> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/userXX/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 aixserver.com /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=stujpsrxsgjiigrjvzefkwkrkuvaxyhs] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-stujpsrxsgjiigrjvzefkwkrkuvaxyhs; LANG=C LC_CTYPE=C /usr/bin/python /tmp/ansible-tmp-1457568234.68-267839190034318/setup; rm -rf /tmp/ansible-tmp-1457568234.68-267839190034318/ >/dev/null 2>&1'"'"''
failed: [aixserver.com] => {"failed": true, "parsed": false}

Sorry, user userXX is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS-stujpsrxsgjiigrjvzefkwkrkuvaxyhs; LANG=C LC_CTYPE=C /usr/bin/python /tmp/ansible-tmp-1457568234.68-267839190034318/setup; rm -rf /tmp/ansible-tmp-1457568234.68-267839190034318/ >/dev/null 2>&1' as root on ti1wps2.
debug1: mux_client_request_session: master session id: 2
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
Shared connection to aixserver.com closed.


TASK: [iib-bin | Change Directory to $IIB_ROOT_INSTALL] ***********************
FATAL: no hosts matched or all hosts have already failed -- aborting


PLAY RECAP ********************************************************************
           to retry, use: --limit @/home/userXX/site.retry

aixserver.com      : ok=0    changed=0    unreachable=0    failed=1  

[Mark Janssen]

Ansible needs to be able to run 'ALL'  commands...

so:

xxxx ALL=(ALL) ALL

As it doesn't run su or anything directly, but runs python which exec's stuff later.

Mark

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/cac9d97c-3cd5-41b4-acfc-68fe75a072ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Mark Janssen  --  maniac(at)maniac.nl
Unix / Linux Open-Source and Internet Consultant
Maniac.nl Sig-IO.nl Vps.Stoned-IT.com

[Ricardo Esteves]

What about on cases that you can't have ALL on the sudoers?

For example i can't execute /bin/sh with sudo, is there any way to make the module not execute /bin/sh first? Just execute the commands without /bin/sh in the beginning?

[Brian Coca]

Only with 'raw', every other module needs a shell and a interpreter (normally python), ansible does not execute shell commands directly in most cases but a script.

----------

Brian Coca