Super User Asked on January 5, 2022
I have to deal with a setup in "/etc/sudoers" that I can’t change because the servers in question are managed by a different team and they don’t want to change it.
I have root access only by sudoing to another account first. My account is only allowed to run the specific command "sudo su – admin" (no additional arguments can be appended). Then, as user "admin", I can run any root commands normally with sudo (e.g., "sudo vi /etc/shadow", etc.) or open a root shell with "sudo -s" or "sudo su -", etc.
I want to run Ansible ad-hoc commands and playbooks as root (e.g., "become: yes") on these servers from a different server that I control, but it would require that Ansible first run "sudo su – admin", then run the normal "sudo" command.
I know you can create custom become methods. This seems to me the way to solve this problem, but the specific solution is beyond me. Can anyone help with this?
BTW, if it helps, "NOPASSWD:" is set for both my account and "admin" in "/etc/sudoers".
you can use --become --become-user admin on ansible adhoc or use yaml below on ansible playbook.
- name: Run a command as nobody
command: somecommand
become: yes
become_user: admin
become_method: su
if you need spesific become method you can use --become-method su, the default --become-method is sudo.
Answered by nothinux on January 5, 2022
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP