On Tue, 14 Jun 2022 at 12:20, 'Shivakumar Venkataswamy' via Ansible Project
<ansible-project@googlegroups.com> wrote:

> What is meant by IMHO?
>
> How can I execute all commands through a playbook by a normal user with root
> access?
>


You don't seem to understand the concept of privilege escalation.
Hopefully this will be enough to help you:

https://docs.ansible.com/ansible/latest/user_guide/become.html



On Tuesday, 14 June 2022 at 14:14:33 UTC+5:30 ra...@linuxia.de wrote:
>
>> On 14/06/2022 10:21, 'Shivakumar Venkataswamy' via Ansible Project wrote:
>> > ansible is a user account we created and a member of sudoers (/etc/sudoers) with full privileges, same as root.
>> >
>> IMHO the privileges are only the same when using the "sudo" command.
>>
>> Regards
>>
>>               Racke
>>
>>
>> >
>> > On Tuesday, 14 June 2022 at 13:16:48 UTC+5:30 ra...@linuxia.de wrote:
>> >
>> > On 14/06/2022 09:16, 'Shivakumar Venkataswamy' via Ansible Project
>> wrote:
>> > > Hi team,
>> > >  look at my playbook
>> > > ---
>> > > -  hosts: all
>> > >    become: true
>> > >    become_user: ansible
>> > >    tasks:
>> > >    - name: add a user to the list of AllowUsers if not present
>> > >      vars:
>> > >        usernames:
>> > >           - shivakumar.venkataswamy
>> > >           - karthik.reddy
>> > >           - aman.saxena
>> > >      lineinfile:
>> > >        path: /etc/ssh/sshd_config
>> > >        backrefs: yes
>> > >        backup: yes
>> > >        state: absent
>> > >        regexp: '^AllowUsers((?:(?:\s+\S+(?!\S))(?<!\s{{ usernames }}))+\s*?)(\n?)$'
>> > >        line: 'AllowUsers\1 shivakumar.venkataswamy karthik.reddy aman.saxena\2'
>> > >        validate: /usr/sbin/sshd -t -f %s
>> > >
>> > Permission denied: '/etc/ssh/sshd_config'
>> >
>> > The ansible user can't edit the file, so try "become_user: root" in
>> your task.
>> >
>> > Regards
>> >              Racke
>> >
>> > > I'm facing below error,
>> > > SSH password:
>> > > BECOME password[defaults to SSH password]:
>> > >
>> > > PLAY [all] *********************************************************************12:45:29
>> > >
>> > > TASK [Gathering Facts] *********************************************************12:45:29
>> > > ok: [172.16.13.254]
>> > >
>> > > TASK [add a user to the list of AllowUsers if not present] *********************12:45:31
>> > > An exception occurred during task execution. To see the full traceback, use -vvv. The error was: IOError: [Errno 13] Permission denied: '/etc/ssh/sshd_config'
>> > > fatal: [172.16.13.254]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 172.16.13.254 closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", line 102, in <module>\r\n _ansiballz_main()\r\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", line 94, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", line 40, in invoke_module\r\n runpy.run_module(mod_name='ansible.modules.files.lineinfile', init_globals=None, run_name='__main__', alter_sys=True)\r\n File \"/usr/lib64/python2.7…
>> > >
>> > > PLAY RECAP *********************************************************************12:45:32
>> > > 172.16.13.254 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
>> > > --
>> > > You received this message because you are subscribed to the Google
>> Groups "Ansible Project" group.
>> > > To unsubscribe from this group and stop receiving emails from it,
>> send an email to ansible-proje...@googlegroups.com.
>> > > To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/551f8529-2fc7-409c-bac9-06216fb7c6d5n%40googlegroups.com
>>
>> >
>> >
>> > --
>> > Automation expert - Ansible and friends
>> > Linux administrator & Debian maintainer
>> > Perl Dancer & conference hopper
>> >
-- 
Sent from Gmail Mobile
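
Added example, not part of the original thread or of the Ansible documentation: the play from the thread with the login account and the escalation target separated, as the replies suggest. It assumes the controller connects as the "ansible" account (the traceback shows /home/ansible), that sudo is the become method, that the service is named sshd, and that an AllowUsers line already exists; the variable name ssh_allow_users and the handler are constructed for illustration.

```yaml
---
- hosts: all
  remote_user: ansible   # account used for the SSH login (assumed from /home/ansible in the traceback)
  become: true           # escalate privileges for every task in this play
  become_user: root      # the account tasks run AS after escalation, not the account that logs in
  vars:
    ssh_allow_users:     # constructed variable name; usernames are the ones from the thread
      - shivakumar.venkataswamy
      - karthik.reddy
      - aman.saxena
  tasks:
    - name: Append each missing user to the existing AllowUsers line
      lineinfile:
        path: /etc/ssh/sshd_config
        backrefs: true   # no match means no change, so the task is idempotent
        backup: true
        # Match the AllowUsers line only when this user is not already listed on it.
        # regex_escape keeps the dots in the usernames literal.
        regexp: '^(AllowUsers(?!.*\s{{ item | regex_escape }}(?:\s|$)).*?)\s*$'
        line: '\1 {{ item }}'
        # Reject the edit if sshd cannot parse the resulting file.
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ ssh_allow_users }}"
      notify: Reload sshd

  handlers:
    - name: Reload sshd   # service name is an assumption; some distributions call it "ssh"
      service:
        name: sshd
        state: reloaded
```

Membership in /etc/sudoers only matters at the moment of escalation: with become_user set to "ansible" the module still runs as the unprivileged account, which is why the write to /etc/ssh/sshd_config was denied.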
