SmartOS/Illumos pfexec support
86 views
Skip to first unread message
Preston Marshall
Feb 12, 2015, 4:39:40 PM2/12/15
to ansible...@googlegroups.com
Hi all, I am working on writing some Ansible playbooks to manage my SmartOS deployment. I'm using Illumos/SmartOS's support for RBAC instead of sudo/su, but I'm running into some issues with it.
Basically I just need to run pfexec before each command so it executes with my user's profiles (privileges). I was hoping ANSIBLE_SUDO_EXE or even ANSIBLE_EXECUTABLE would help, but unfortunately pfexec does not accept the same (immutable) flags as sudo, and setting ANSIBLE_EXECUTABLE to pfbash (basically like doing pfexec /bin/bash) causes PUTs to fail on the SSH level for some reason.
Adding pfexec support to Ansible seems like it would be a lot of work for not much gain, so I was considering writing a wrapper to pfexec to translate the sudo flags to pfexec flags. Has anyone else run into this or have any ideas on how to solve this better?
Thanks,
Preston
Brian Coca
Feb 13, 2015, 10:40:28 AM2/13/15
to ansible...@googlegroups.com
I'm currently revamping the privilege escalation system to both
generalize it and allow for easier addition of new systems. Once I
have this working we can look into adapting pfexec.
--
Brian Coca
generalize it and allow for easier addition of new systems. Once I
have this working we can look into adapting pfexec.
--
Brian Coca
Preston Marshall
Mar 2, 2015, 5:53:21 PM3/2/15
to ansible...@googlegroups.com
I ended up just hacking in an if check to just execute things with pfexec instead of sudo with no flags, and it seems to work fine. I know it's ugly but I figured I would at least mention it.
Thanks,
Preston
Reply all
Reply to author
Forward
0 new messages