Getting Root Privileges in Ansible

Getting root privileges in ansible

The problem was that I had no permission to run /bin/sh. I needed to set the executable to /bin/bash - this can be done in Ansible's config file. So in the current directory I created the ansible.cfg file with the following contents:

[defaults]
executable = /bin/bash

and that was it!

Ansible non-root sudo user and become privilege escalation

Why am I getting permission denied?

Because APT requires root permissions (see the error: are you root?) and you are running the tasks as david.

Per these settings:

become: true
become_user: david
become_method: sudo

Ansible becomes david using the sudo method. It basically runs its Python script with sudo -u david in front.


the user 'david' on the remote box has sudo privileges.

It means david can execute commands (some or all) using sudo-executable to change the effective user for the child process (the command). If no username is given, this process runs as the root account.

Compare the results of these two commands:

$ sudo whoami
root
$ sudo -u david whoami
david

Back to the APT problem, you (from CLI) as well as Ansible (connecting with SSH using your account) need to run:

sudo apt-get install sqlite3

not:

sudo -u david apt-get install sqlite3

which will fail with the exact same message Ansible displayed.


The following playbook will escalate by default to the root user:

---
- name: Testing...
  hosts: all
  become: true

  tasks:
    - name: Just want to install sqlite3 for example...
      apt: name=sqlite3 state=present
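The sudo whoami comparison above, carried over into a playbook that escalates per task instead of for the whole play. This is an added example, not part of the original answers; it assumes the SSH login user is david, that david may use sudo on the target, and the play name is made up for illustration.

```yaml
---
# Added example: assumes the connecting user is david and david has sudo rights.
- name: Scope privilege escalation to the tasks that need it
  hosts: all
  become: false            # default for this play: run as the connecting user

  tasks:
    - name: Install sqlite3 (APT needs root)
      ansible.builtin.apt:
        name: sqlite3
        state: present
      become: true         # no become_user given, so sudo targets root

    - name: Effective user with become and no become_user
      ansible.builtin.command: whoami
      become: true
      register: as_root
      changed_when: false  # read-only check, never report a change

    - name: Effective user with become_user set to david
      ansible.builtin.command: whoami
      become: true
      become_user: david
      become_method: sudo
      register: as_david
      changed_when: false

    - name: Fail early if escalation does not land on the expected accounts
      ansible.builtin.assert:
        that:
          - as_root.stdout == "root"
          - as_david.stdout == "david"
```

Keeping become off at play level and enabling it only on the package task limits what runs as root; the final assert makes a wrong become_user show up as a clear failure instead of an APT permission error.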

