On Tuesday, November 26, 2013 9:44:37 AM UTC+11, Melissa Tan wrote:
>
>
> After it is set, I'm faced with a password prompt when no password 
> required is already done.  So it is actually executing sudo, but sudo isn't 
> set up to authorize the command that Ansible is pushing through.  The 
> sudoers file is not very large and the Unix Sys Admins want to keep it 
> simple... so it pretty much boils down to the following:
>
> Cmnd_Alias ADMIN_COM = sudoedit /etc/hosts, \
>                         /usr/bin/su - ipadm, \
>                         /usr/bin/su - ldapadm, \
>                         /usr/bin/su - cqadm
>
> %apadm ALL=(ALL) NOPASSWD: ADMIN_COM
>
>
The issue with this is that you're not allowed to sudo to the target user, 
you're allowed to sudo to root, then execute 'su - ' to switch to the 
target user. This won't work if you want to 'sudo -u cmd', as Ansible is, 
presumably, doing.

Ask your sysadmin to set something like the following in sudoers:
 
%apadm ALL=(root) sudoedit /etc/hosts
%apadm ALL=(ipadm, ldapadm, cqadm) NOPASSWD: ALL

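A simplified model of the sudoers matching discussed in this thread, added here as an illustration and not part of the original messages. The names `Rule`, `allowed` and `ANSIBLE_CMD` are hypothetical, the shape of the command Ansible runs is an assumption, and the third account name follows the spelling in the question.

```python
# Added illustration: a simplified model of sudoers rule matching.
# Not modelled: wildcards, host lists, negation, tags (NOPASSWD), rule order.
import shlex
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    runas: tuple     # users permitted as the "sudo -u" target, or ("ALL",)
    commands: tuple  # permitted command lines, or ("ALL",)


def command_matches(spec, argv):
    if spec == "ALL":
        return True
    want = shlex.split(spec)
    # A spec with arguments must match exactly; a bare path allows any arguments.
    return argv == want if len(want) > 1 else argv[:1] == want


def allowed(rules, runas_user, command_line):
    """True if any rule permits running command_line as runas_user."""
    argv = shlex.split(command_line)
    return any(
        ("ALL" in rule.runas or runas_user in rule.runas)
        and any(command_matches(spec, argv) for spec in rule.commands)
        for rule in rules
    )


# From the question: %apadm ALL=(ALL) NOPASSWD: ADMIN_COM
ORIGINAL = [Rule(("ALL",), ("sudoedit /etc/hosts", "/usr/bin/su - ipadm",
                            "/usr/bin/su - ldapadm", "/usr/bin/su - cqadm"))]
# From the reply (third account spelled as in the question).
SUGGESTED = [Rule(("root",), ("sudoedit /etc/hosts",)),
             Rule(("ipadm", "ldapadm", "cqadm"), ("ALL",))]

# Assumption: Ansible runs roughly "sudo -u ipadm /bin/sh -c '<module call>'".
ANSIBLE_CMD = "/bin/sh -c 'echo constructed-module-call'"

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "su as root:", allowed(rules, "root", "/usr/bin/su - ipadm"))
        print(name, "Ansible as ipadm:", allowed(rules, "ipadm", ANSIBLE_CMD))
```

Under the original rule the only permitted commands are the listed `su` and `sudoedit` lines, so the Ansible-style call is refused; the suggested rules permit it for the three service accounts and no longer permit `su` as root.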