Ansible:即使成为成为user的sudo用户，也无法配置sudo命令

编程入门行业动态更新时间:2024-10-28 07:18:31

本文介绍了Ansible:即使成为成为user的sudo用户，也无法配置sudo命令的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！问题描述

testuser是sudo用户，

sudo cat /etc/sudoers.d/90-cloud-init-testuser testuser ALL=(ALL) NOPASSWD:ALL

我可以手动登录testuser并在没有密码的情况下运行以下命令:

sudo -H apt-get update sudo -H apt-get upgrade

但是，如果我遵循下面的代码运行，尽管我看到whoami命令返回了testuser，但是代码因致命错误而停止(请参见下面的代码和错误).

我必须将begin_user设置为root才能运行(请参阅我注释掉的行)吗?注意:我可以手动登录testuser并运行sudo命令，我不能使用begin_user = testuser来安装apt吗?请注意，我认为remote_user没关系，因为whoami命令仅取决于begin_user.实际上，我觉得remote_user没用，它只是让我登录.然后whoami成为根用户，如果将begin_user设置为testuser，则whoami成为testuser.

- hosts: all remote_user: ubuntu become: yes become_user: testuser gather_facts: yes become_method: sudo tasks: - name: test which user I am shell: whomami register: hello - debug: msg="{{ hello.stdout }}" - name: Update and upgrade apt. # become_user: root # become: yes apt: update_cache=yes upgrade=dist cache_valid_time=3600 TASK [Update and upgrade apt.] ******************************** fatal: [XX.XX.XX.XX]: FAILED! => {"changed": false, "msg": "'/usr/bin/apt-get dist-upgrade' failed: E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n", "rc": 100, "stdout": "", "stdout_lines": []}

解决方案

您需要连接一个具有sudo权限的帐户(在您的情况下为testuser)，然后以提升的权限运行播放/任务(become: true，和become: root(默认设置)，因此:

向ubuntu添加sudo权限，
或与testuser连接.

sudo不能像您在问题中所暗示的那样起作用.

任何命令都在特定用户的上下文中运行-testuser或ubuntu或root.没有像运行命令"sudo testuser"那样的事情.

sudo以其他用户身份执行命令(默认情况下为root).执行sudo的用户必须具有适当的权限.

如果您以testuser登录并执行sudo -H apt-get update，则与(c >
如果您以ubuntu身份登录并运行sudo -u testuser apt-get update(这是问题中Ansible任务的外壳程序)，则-(几乎 * )与如果您使用testuser登录并运行apt-get update.

testuser运行apt-get update会得到一个错误―这就是您得到的.

* 几乎"，因为它取决于有关环境变量的设置-与此处的问题无关.

testuser is a sudo user,

sudo cat /etc/sudoers.d/90-cloud-init-testuser testuser ALL=(ALL) NOPASSWD:ALL

I can login testuser manually and run following without password:

sudo -H apt-get update sudo -H apt-get upgrade

but if I run following ansible code, although I saw whoami command return testuser, then the code stops with fatal error (see code and error below).

Must I set become_user as root in order to run (see the line I comment out)? Note I CAN login testuser manually and run sudo command, can't I use become_user=testuser to Install apt? Note I think remote_user does not matter because whoami command only depends on become_user.in fact I feel remote_user is useless, it just log me in. if become_user is unset. then whoami become root, if become_user is set as testuser, then whoami become testuser.

解决方案

You need to connect with an account which has sudo permissions ― in your case testuser ― and then run play/task with elevated permissions (become: true, and become: root which is default), so:

either add sudo permissions to ubuntu,
or connect with testuser.

sudo does not work the way you imply in the question.

Any command runs in a context of a specific user ― either testuser, or ubuntu, or root. There is no such thing as running a command as a "sudo testuser".

sudo executes a command as a different user (root by default). User executing sudo must have appropriate permissions.

If you log in as testuser and execute sudo -H apt-get update it is (almost*) the same as if you logged in as root and ran apt-get update.
If you log in as ubuntu and run sudo -u testuser apt-get update (which is a shell counterpart to the Ansible tasks in the question) ― it is (almost*) the same as if you logged on with testuser and ran apt-get update.

testuser running apt-get update will get an error ― and this is what you get.

* "almost", because it depends on settings regarding environment variables ― not relevant to the problem here.

更多推荐

Ansible:即使成为成为user的sudo用户,也无法配置sudo命令

本文发布于:2023-10-06 18:01:59，感谢您对本站的认可！

本文链接:https://www.elefans.com/category/jswz/34/1467613.html