become module executable shell problem
55 views
Skip to first unread message
Ricardo Esteves
Nov 14, 2016, 10:42:57 AM11/14/16
to Ansible Project
Hi,
I'm trying to use the become module to execute some commands as root, but i'm having some troubles because of the restrictions i have on remote server.
It seems the become module executes sudo with a shell to execute the commands:
/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=eegsvbeikrvdaoiocjgbkmmujauvqnaf] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-eegsvbeikrvdaoiocjgbkmmujauvqnaf; ...
the problem is that my user doesn't have permissions to execute /bin/sh with sudo: "Sorry, user xxxxxx is not allowed to execute '/bin/sh -c echo BECOME..."
Is there anyway to not run the shell? just run sudo -u root "command" ?
I've tried to change the executable variable to "executable =" on ansible.cfg but then i get this error:
fatal: [XXXXXXXXX]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "command"}, "module_stderr": "", "module_stdout": "usage: sudo -h | -K | -k | -L | -l | -V | -v\r\nusage: sudo [-bEHkPS] [-p prompt] [-u username|#uid] [VAR=value]\r\n {-i | -s | <command>}\r\nusage: sudo -e [-kS] [-p prompt] [-u username|#uid] file ...\r\n", "msg": "MODULE FAILURE"}
I'm trying to use the become module to execute some commands as root, but i'm having some troubles because of the restrictions i have on remote server.
It seems the become module executes sudo with a shell to execute the commands:
/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible, key=eegsvbeikrvdaoiocjgbkmmujauvqnaf] password: " -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-eegsvbeikrvdaoiocjgbkmmujauvqnaf; ...
the problem is that my user doesn't have permissions to execute /bin/sh with sudo: "Sorry, user xxxxxx is not allowed to execute '/bin/sh -c echo BECOME..."
Is there anyway to not run the shell? just run sudo -u root "command" ?
I've tried to change the executable variable to "executable =" on ansible.cfg but then i get this error:
fatal: [XXXXXXXXX]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "command"}, "module_stderr": "", "module_stdout": "usage: sudo -h | -K | -k | -L | -l | -V | -v\r\nusage: sudo [-bEHkPS] [-p prompt] [-u username|#uid] [VAR=value]\r\n {-i | -s | <command>}\r\nusage: sudo -e [-kS] [-p prompt] [-u username|#uid] file ...\r\n", "msg": "MODULE FAILURE"}
Brian Coca
Nov 14, 2016, 11:28:57 AM11/14/16
to ansible...@googlegroups.com
First become is a directive, not a module. The raw module is the only one that does not require anything and it does not work with become.
If you read the docs they specify that Ansible cannot use become and rules that are restrictive at the command level.
----------
Brian Coca
Reply all
Reply to author
Forward
0 new messages