On Mon, Aug 5, 2019, at 5:34 PM, Andrew Morgan wrote:
> Ahh, you are right, I am getting the error:
>
> Sorry, user andrewm is not allowed to execute '/bin/sh -c echo hello from
> bash; python -c 'print "hello"' ' as root on ip-10-0-0-162
>
> but in ansible I am becoming root! Now when I become the root user I am able
> to :
> # sudo /bin/sh -c "echo hello from bash; python -c 'print \"hello\"' "
hello from bash
hello
>
>
> How can I fix this issue?
You need to change your sudo config to allow executing /bin/sh. This has always
been an Ansible requirement - to be able to use privilege escalation, you need
to let sudo run arbitrary commands.
The relevant config to fix should be somewhere in /etc/sudoers or some file in
/etc/sudoers.d. The specific config varies from installation to installation,
and changing it has security implications. So if you have a different person
handling system level setup (you mentioned in your first mail that there are
certain security requirements at work) you should definitely work with them to
change this, else you can leave your system vulnerable in an unexpected way.
Else if you can do this yourself, look up "man sudoers" to understand the
current config and change it.
- Sandip
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/6b26a7ca-7d14-49d9-9bfb-5dac07401434%40www.fastmail.com.