as there is no password prompt, and "usera" is not a sudoer, the below will not work.
`sudo su - userb` is achievable because of PAM auth (meaning LDAP). I believe that is impossible this issue to be resolved at the playbook level. I am trying to experiment with `-vvvv` and the options below, but with not much luck.. `sudo_flags` has been set to `-H` here is some documentation: sudo_user = the default user to sudo to ask_sudo_pass = this controls whether an Ansible playbook should prompt for a sudo password by default when sudoing ask_pass = controls whether an Ansible playbook should prompt for a password by default remote_user = This is the default username ansible will connect as for /usr/bin/ansible-playbook. Note that /usr/bin/ansible will always default to the current user if this is not defined become = The equivalent of adding sudo: or su: to a play or task, set to true/yes to activate privilege escalation. become_method = Set the privilege escalation method. The default is sudo, other options are su, pbrun, pfexec, doas, ksu become_user = The equivalent to ansible_sudo_user or ansible_su_user, allows to set the user you become through privilege escalation. become_ask_pass = Ask for privilege escalation password, the default is False sudo_flags = Note that ā-nā will conflict with using password-less sudo auth, such as pam_ssh_agent_auth On Sat, Nov 18, 2017 at 12:41 AM Moreno Garcia <[email protected]> wrote: > - name: Run a command as the userb user > command: somecommand > become: true > become_user: userb > > > On Friday, November 17, 2017 at 2:17:15 PM UTC-2, Nikos Skalis wrote: > >> Could you please advise how >> >> usera@serverX:~> sudo su - userb >> Last login: Fri Nov 17 15:46:48 CET 2017 on pts/1 >> -bash-4.2$ >> (note that no password requested above) >> >> translates into ansible ? >> >> >> More specifically, I would like to login to linux server X as `usera` >> then become `userb` (with the command above), and then execute all the >> tasks defined in the playbook as `userb` >> >> The following are configuration options in `ansible.cfg`: >> >> sudo_user = root >> #ask_sudo_pass = True >> #ask_pass = True >> #remote_user = root >> #become=True >> #become_method=sudo >> #become_user=root >> #become_ask_pass=False >> >> I am having trouble understanding the difference between the above >> configuration options. >> >> Niko >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/4V-Ak8wa7Nk/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/5df5e1cb-cb3b-43d1-9977-6441e434df75%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/5df5e1cb-cb3b-43d1-9977-6441e434df75%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALV87tBSkPagfbpzwSynfXq4K0eGjju1M%2BPLYe4uftRQzq5haQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
