I am wondering whether granted limited write access to the postgres user (who
is the one executing that TASK) to only write files like postgresql.*.service
inside /etc/systemd/system could be a solution. I guess using the template
module would be the way to do this.
postgres@server> sudo -l
system access is granted pretty specific (and pretty limited). The fear is not
so much a hacker but our own staff should only be able to execute very specific
commands (and creating anything in /etc not bein one of those for a member of
the database team) he or she is supposed to execute.
Apologize for the error that , it was a typo tbh. Well the issue is still
present.
Thanks
Reehan
On Thu, Sep 1, 2022, 11:56 PM Dick Visser wrote:
>
>
> On Thu, 1 Sep 2022 at 19:45, Mohammed Reehan
> wrote:
>
>> Hello Experts,
>>
>> Need your kind help, i am running a basic POST call using ansi
On Thu, 1 Sep 2022 at 19:45, Mohammed Reehan wrote:
> Hello Experts,
>
> Need your kind help, i am running a basic POST call using ansible uri
> module with Basic Authencation
> below is the programtic code but i am getting 403 error.
>
> ---
> -name: Request API Token
> ansible.builtin.uri:
>
Hello Experts,
Need your kind help, i am running a basic POST call using ansible uri
module with Basic Authencation
below is the programtic code but i am getting 403 error.
---
-name: Request API Token
ansible.builtin.uri:
url: "https"//vrlcm.local/lcm/authzn/api/login"
method: POST
When confronted by a lack of privileges to be able to accomplish certain
tasks given to me, I've usually resorted to creating a ticket with my
'resolution', and escalating to the SysAdmins and let them 'deal' with the
issue. (Usually limited access on specific servers). If they get enough
tick
The sudo privileges granted to "remote_user" needs be to be limitless.
Execute ALL commands as ALL users. One cannot restrict to executing a single
binary like 'useradd' because it's running a module with a random name.
It's either all or nothing.
Regards,
Stan
From: 'Rowe, Walter P. (Fed)
Nope. Ansible uses sudo to elevate privileges on Linux. If you don't have a
service account that can sudo, you can't do this with ansible. Your service
account is the "remote_user" that ansible uses to SSH into the machine. The
sudoers file must grant this account sudo rights.
It does not have
Hi,
On Thu, Sep 01, 2022 at 07:15:42AM +0200, dulhaver via Ansible Project wrote:
> the challenge I am facing is that the only way to do this manually
> is via
>
>sudo systemctl edit --full postgresql@[db_service_name].service
If you can use sudo then can you not just do the equivalent of
s