Switch to root user using dzdo
3,461 views
Skip to first unread message
Poemy
Feb 7, 2020, 5:45:02 AM2/7/20
to Ansible Project
I have an ansible playblook running some tasks for my user, which I log in through ssh.
The user has root privileges by running following command in the terminal:
dzdo su -It's actually the only way (no sudo, no root password) to get root access.
Now, what I want to do is to switch my user to root at a certain point in my ansible-playbook, using this dzdo su - behavior.
How to do this?
Work-Hard
Feb 7, 2020, 3:17:23 PM2/7/20
to Ansible Project
as a workaround, you can change the file permission on linux to act as root for your target area.
Dick Visser
Feb 7, 2020, 3:48:39 PM2/7/20
to ansible...@googlegroups.com
On Fri, 7 Feb 2020 at 21:17, Work-Hard <workema...@gmail.com> wrote:
>
> as a workaround, you can change the file permission on linux to act as root for your target area.
That sounds like throwing all security out of the window.
>
> as a workaround, you can change the file permission on linux to act as root for your target area.
Please refrain from giving this kind of useless advice...
James Cassell
Feb 7, 2020, 4:35:47 PM2/7/20
to Ansible List
>
> How to do this?
>
Use become_method=dzdo
If they literally require you to type "dzdo su -", then you should talk to your security folks to get a saner policy. (There's likely hacks that can be done, but "hacks")
V/r,
James Cassell
Work-Hard
Feb 7, 2020, 6:05:04 PM2/7/20
to Ansible Project
oh yea? how's that? Please do explain!
Poemy
Feb 9, 2020, 11:21:14 AM2/9/20
to Ansible Project
It's the only way and there won't be a change in the process soon, so I need to deal with it.
They provide me a VM with a login, where I only can have root access to login with the command dzdo su - for 1 week to prepare the VM for real usage.
I use this temporary dzdo root access to install sudo for further usage.
To automate this process I need to write an ansible playbook.
And I tried to use become_method=dzdo but this fails during the run of the playbook.
I think because I still need to specify the su - part of it.
Thanks
Op vrijdag 7 februari 2020 22:35:47 UTC+1 schreef James Cassell:
Vishal Bobade
Feb 9, 2020, 11:34:33 AM2/9/20
to ansible...@googlegroups.com
Hi,
Could you try this, before you want the task done with dzdo previleges.
become: yes
become_method: dzdo
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/41a24067-fa62-4224-b3aa-41b6070bccdc%40googlegroups.com.
Stefan Hornburg (Racke)
Feb 9, 2020, 2:13:43 PM2/9/20
to ansible...@googlegroups.com
On 2/9/20 5:21 PM, Poemy wrote:
> It's the only way and there won't be a change in the process soon, so I need to deal with it.
> They provide me a VM with a login, where I only can have root access to login with the command *dzdo su -* for 1 week to
> It's the only way and there won't be a change in the process soon, so I need to deal with it.
> prepare the VM for real usage.
> I use this temporary dzdo root access to install sudo for further usage.
> To automate this process I need to write an ansible playbook.
> And I tried to use *become_method=dzdo *but this fails during the run of the playbook.
> I use this temporary dzdo root access to install sudo for further usage.
> To automate this process I need to write an ansible playbook.
> I think because I still need to specify the *su - *part of it.
You can try
become_flags: 'su -'
And please post the error message if it still fails.
Regards
Racke
>
> Thanks
>
>
>
> Op vrijdag 7 februari 2020 22:35:47 UTC+1 schreef James Cassell:
>
>
> On Fri, Feb 7, 2020, at 5:45 AM, Poemy wrote:
> > I have an ansible playblook running some tasks for my user, which I log
> > in through ssh.
> >
> > The user has root privileges by running following command in the terminal:
> > `
> > dzdo su -
> > `
> >
> > It's actually the only way (no sudo, no root password) to get root access.
> >
> > Now, what I want to do is to switch my user to root at a certain point
> > in my ansible-playbook, using this *dzdo su -* behavior.
> >
> > How to do this?
> >
>
> Use become_method=dzdo
>
> If they literally require you to type "dzdo su -", then you should talk to your security folks to get a saner
> policy. (There's likely hacks that can be done, but "hacks")
>
> V/r,
> James Cassell
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/0ad67b84-eb0d-48b2-af89-bf0db3f830e9%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/0ad67b84-eb0d-48b2-af89-bf0db3f830e9%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Poemy
Feb 10, 2020, 11:40:21 AM2/10/20
to Ansible Project
I followed your suggestions, thanks for that.
I have now following task:
- name: Install needed packages for Docker
yum:
name: yum-utils,device-mapper-persistent-data,lvm2
state: latest
become: yes
become_method: dzdo
become_flags: 'su -'When I run my playbook, it fails with following error message.
fatal: [10.7.201.114]: FAILED! => {"changed": false, "module_stderr": "", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
Vishal Bobade
Feb 10, 2020, 12:44:36 PM2/10/20
to ansible...@googlegroups.com
Hi,
Does it requires become_flags? Could you try commenting out that one.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0857d7f6-7aa9-4c17-8064-5c4b2ca2e858%40googlegroups.com.
Poemy
Feb 10, 2020, 1:46:01 PM2/10/20
to Ansible Project
As requested I commented out the become_flags, which gives me the following task:
- name: Install needed packages for Docker
yum:
name: yum-utils,device-mapper-persistent-data,lvm2
state: latest
become: yes
become_method: dzdoAnd this gives as result the same error
Vishal Bobade
Feb 11, 2020, 2:25:56 AM2/11/20
to ansible...@googlegroups.com
Hi,
Seems related to the particular module you are trying to use here.
Could you try performing this manually by ansible i.e. not by using playbook with debug mode enabled and see what error u see.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f1b2b89c-11dc-4470-be3f-6c470136824f%40googlegroups.com.
Vishal Bobade
Feb 11, 2020, 2:28:28 AM2/11/20
to ansible...@googlegroups.com
I would assume that you could run with
-vvv and it will show you the stdout/stderr that indicates the failure in execution.Reply all
Reply to author
Forward
0 new messages