i believe the reason we're seeing /Users/nrser/.ssh is because that's the user i'm logged in as on the master and where theid_rsa key that it's using to connect is.
On Thu, Sep 24, 2015, at 11:35 AM, [email protected] wrote: > nrser is the user on my machine. i understood > ansible_ssh_user=sysadmin to mean it would connect as sysadmin. > > this works fine from my machine to the target: > > ssh [email protected] > > i'm able to execute non-sudo tasks just fine, and nrser doesn't exist > as a user on the target machine, so it can't be connecting as nrser... > i'm pretty sure it's connecting as sysadmin > > On Thu, Sep 24, 2015, at 11:28 AM, Joanna Delaporte wrote: >> Hi Neil, >> >> From the debug output, it's trying to connect as nruser: debug1: >> Reading configuration data /Users/nrser/.ssh/config >> >> Do you know where have you specified that ansible should connect as >> nruser? >> >> Joanna >> >> On Thursday, September 24, 2015 at 10:58:36 AM UTC-5, nrser wrote: >>> hey, i'm having issues with privilege escalation on OSX (all >>> machines at version 10.10 with ansible ): >>> >>> we are using ansible to help manage our workstations, and when i >>> execute playbooks locally using ansible_connection=local on the >>> target as the user (josh in this case), tasks with sudo: true >>> work fine >>> >>> when executing from my machine any sudo tasks fail with permissions >>> errors. >>> >>> i'm using an inventory line like >>> >>> josh ansible_ssh_host=Joshs-MacBook-Pro.local >>> ansible_ssh_user=sysadmin ansible_become_user=josh >>> >>> Josh's machine has a sysadmin user that i can log into using my ssh >>> key that is part of the admin group and has >>> >>> sysadmin ALL=(ALL) NOPASSWD:ALL >>> >>> in the /etc/sudoers file. the josh user is also in admin and has "no >>> password" setup in sudoers. >>> >>> when executing from my machine, i get errors like >>> >>> failed: [josh] => {"failed": true, "parsed": false} BECOME-SUCCESS- >>> bcpvkbjdbokqphwizmnpqwllqehnwiyh Traceback (most recent call last): >>> File "/tmp/ansible-tmp-1443108894.49-142723340060191/lineinfile", >>> line 2217, in <module> main() File "/tmp/ansible-tmp-1443108894.49- >>> 142723340060191/lineinfile", line 394, in main ins_aft, ins_bef, >>> create, backup, backrefs) File "/tmp/ansible-tmp-1443108894.49- >>> 142723340060191/lineinfile", line 201, in present f = open(dest, >>> 'rb') IOError: [Errno 13] Permission denied: '/etc/sudoers' >>> OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading >>> configuration data /Users/nrser/.ssh/config debug1: Reading >>> configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: >>> Applying options for * debug1: /etc/ssh_config line 53: Applying >>> options for * debug1: auto-mux: Trying existing master debug1: >>> mux_client_request_session: master session id: 2 Shared connection >>> to Joshs-MacBook-Pro.local closed. >>> >>> >>> FATAL: all hosts have already failed -- aborting >>> >>> i also get errors when trying anything with sudo or become_user, not >>> just touching /etc/sudoers. >>> >>> all the users involved have no-password sudo permissions... i don't >>> understand why they can't escalate. >>> >>> anyone have any info / ideas / suggestions? >>> >>> thanks, Neil. >>> >> >> -- >> You received this message because you are subscribed to a topic in >> the Google Groups "Ansible Project" group. To unsubscribe from this >> topic, visit >> https://groups.google.com/d/topic/ansible-project/0R5zJFy_ywQ/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. To post to this group, >> send email to [email protected]. To view this >> discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/0bc61abd-1f38-43c1-8db3-37ca8d476381%40googlegroups.com[1]. >> For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/0R5zJFy_ywQ/unsubscribe. > To unsubscribe from this group and all its topics, send an email to ansible- [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1443116106.2035999.392714513.75039CAC%40webmail.messagingengine.com[2]. > For more options, visit https://groups.google.com/d/optout. Links: 1. https://groups.google.com/d/msgid/ansible-project/0bc61abd-1f38-43c1-8db3-37ca8d476381%40googlegroups.com?utm_medium=email&utm_source=footer 2. https://groups.google.com/d/msgid/ansible-project/1443116106.2035999.392714513.75039CAC%40webmail.messagingengine.com?utm_medium=email&utm_source=footer -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1443116413.2036857.392720865.05B6D18E%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.
