testuser是sudo用户,
sudo cat /etc/sudoers.d/90-cloud-init-testuser testuser ALL=(ALL) NOPASSWD:ALL我可以手动登录testuser并在没有密码的情况下运行以下命令:
sudo -H apt-get update sudo -H apt-get upgrade但是,如果我遵循下面的代码运行,尽管我看到whoami命令返回了testuser,但是代码因致命错误而停止(请参见下面的代码和错误).
我必须将begin_user设置为root才能运行(请参阅我注释掉的行)吗?注意:我可以手动登录testuser并运行sudo命令,我不能使用begin_user = testuser来安装apt吗?请注意,我认为remote_user没关系,因为whoami命令仅取决于begin_user.实际上,我觉得remote_user没用,它只是让我登录.然后whoami成为根用户,如果将begin_user设置为testuser,则whoami成为testuser.
- hosts: all remote_user: ubuntu become: yes become_user: testuser gather_facts: yes become_method: sudo tasks: - name: test which user I am shell: whomami register: hello - debug: msg="{{ hello.stdout }}" - name: Update and upgrade apt. # become_user: root # become: yes apt: update_cache=yes upgrade=dist cache_valid_time=3600 TASK [Update and upgrade apt.] ******************************** fatal: [XX.XX.XX.XX]: FAILED! => {"changed": false, "msg": "'/usr/bin/apt-get dist-upgrade' failed: E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n", "rc": 100, "stdout": "", "stdout_lines": []}解决方案
您需要连接一个具有sudo权限的帐户(在您的情况下为testuser),然后以提升的权限运行播放/任务(become: true,和become: root(默认设置),因此:
- 向ubuntu添加sudo权限,
- 或与testuser连接.
sudo不能像您在问题中所暗示的那样起作用.
任何命令都在特定用户的上下文中运行-testuser或ubuntu或root.没有像运行命令"sudo testuser"那样的事情.
sudo以其他用户身份执行命令(默认情况下为root).执行sudo的用户必须具有适当的权限.
-
如果您以testuser登录并执行sudo -H apt-get update,则与(c > )相同,就如同以root登录并运行apt-get update./p>
-
如果您以ubuntu身份登录并运行sudo -u testuser apt-get update(这是问题中Ansible任务的外壳程序),则-(几乎 * )与如果您使用testuser登录并运行apt-get update.
testuser运行apt-get update会得到一个错误―这就是您得到的.
* 几乎",因为它取决于有关环境变量的设置-与此处的问题无关.
testuser is a sudo user,
sudo cat /etc/sudoers.d/90-cloud-init-testuser testuser ALL=(ALL) NOPASSWD:ALLI can login testuser manually and run following without password:
sudo -H apt-get update sudo -H apt-get upgradebut if I run following ansible code, although I saw whoami command return testuser, then the code stops with fatal error (see code and error below).
Must I set become_user as root in order to run (see the line I comment out)? Note I CAN login testuser manually and run sudo command, can't I use become_user=testuser to Install apt? Note I think remote_user does not matter because whoami command only depends on become_user.in fact I feel remote_user is useless, it just log me in. if become_user is unset. then whoami become root, if become_user is set as testuser, then whoami become testuser.
- hosts: all remote_user: ubuntu become: yes become_user: testuser gather_facts: yes become_method: sudo tasks: - name: test which user I am shell: whomami register: hello - debug: msg="{{ hello.stdout }}" - name: Update and upgrade apt. # become_user: root # become: yes apt: update_cache=yes upgrade=dist cache_valid_time=3600 TASK [Update and upgrade apt.] ******************************** fatal: [XX.XX.XX.XX]: FAILED! => {"changed": false, "msg": "'/usr/bin/apt-get dist-upgrade' failed: E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n", "rc": 100, "stdout": "", "stdout_lines": []}解决方案
You need to connect with an account which has sudo permissions ― in your case testuser ― and then run play/task with elevated permissions (become: true, and become: root which is default), so:
- either add sudo permissions to ubuntu,
- or connect with testuser.
sudo does not work the way you imply in the question.
Any command runs in a context of a specific user ― either testuser, or ubuntu, or root. There is no such thing as running a command as a "sudo testuser".
sudo executes a command as a different user (root by default). User executing sudo must have appropriate permissions.
If you log in as testuser and execute sudo -H apt-get update it is (almost*) the same as if you logged in as root and ran apt-get update.
If you log in as ubuntu and run sudo -u testuser apt-get update (which is a shell counterpart to the Ansible tasks in the question) ― it is (almost*) the same as if you logged on with testuser and ran apt-get update.
testuser running apt-get update will get an error ― and this is what you get.
* "almost", because it depends on settings regarding environment variables ― not relevant to the problem here.
更多推荐
Ansible:即使成为成为user的sudo用户,也无法配置sudo命令
发布评论