@hostmaster
Forked from jimi-c/gist:afba796f0177d431e34f
Last active August 29, 2015 14:18

Playbook:

- hosts: all
  gather_facts: no
  remote_user: root
  roles:
  - { role: test_become_r2, sudo_user: testing }
  tasks:
  - command: whoami
  - command: whoami
    become_user: testing
  - block:
    - command: whoami
  - block:
    - command: whoami
    become_user: testing

The roles are simple: r2 lists r1 as a dependency, and both simply do:

- debug: msg="..."
- command: whoami

Output:

TASK [test_become_r1 : debug msg=this is test_become_r1] ************************
ok: [localhost] => {
    "msg": "this is test_become_r1", 
    "changed": false
}

TASK [test_become_r1 : command] *************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:13:38.894205", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:13:38.891473", "delta": "0:00:00.002732", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

TASK [test_become_r2 : debug msg=this is test_become_r2] ************************
ok: [localhost] => {
    "msg": "this is test_become_r2", 
    "changed": false
}

TASK [test_become_r2 : command] *************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:13:39.465954", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:13:39.463465", "delta": "0:00:00.002489", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.156469", "stdout": "root", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.153427", "delta": "0:00:00.003042", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["root"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.346618", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.344034", "delta": "0:00:00.002584", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.525066", "stdout": "root", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.522358", "delta": "0:00:00.002708", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["root"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.808344", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.805680", "delta": "0:00:00.002664", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

All four whoami commands with become_user specified correctly switched privileges to the specified user. The role specifying sudo_user also switched all of its tasks to the new user, including those of its dependencies. This will make grouping commands with common privilege escalation needs much easier!
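To turn output like the above into a pass/fail check that escalation applied only where it was declared, the following added example (not part of the original gist) parses the `TASK [...]` headers and one-line JSON results and compares each `whoami` stdout with an expected user. The sample output is constructed and trimmed, and the function names and expected-user lists are assumptions.

```python
import json
import re

TASK_RE = re.compile(r"^TASK \[(?P<name>.*?)\] \*+\s*$")
RESULT_RE = re.compile(r"^(?:changed|ok): \[(?P<host>[^\]]+)\] => (?P<body>\{.*\})\s*$")

# Constructed sample in the one-line result format shown above (fields trimmed).
SAMPLE = """\
TASK [test_become_r2 : command] ****
changed: [localhost] => {"changed": true, "stdout": "testing", "cmd": ["whoami"], "rc": 0}

TASK [command] ****
changed: [localhost] => {"changed": true, "stdout": "root", "cmd": ["whoami"], "rc": 0}

TASK [command] ****
changed: [localhost] => {"changed": true, "stdout": "testing", "cmd": ["whoami"], "rc": 0}
"""

def whoami_results(output):
    """Return [(task_name, host, user)] for each whoami result, in run order."""
    found, task = [], None
    for line in output.splitlines():
        m = TASK_RE.match(line)
        if m:
            task = m.group("name")
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # blank lines and multi-line debug results
        try:
            body = json.loads(m.group("body"))
        except ValueError:
            continue  # not a JSON result line
        if body.get("cmd") == ["whoami"] and body.get("rc") == 0:
            found.append((task, m.group("host"), body.get("stdout", "").strip()))
    return found

def check_users(output, expected):
    """Compare observed users with the expected list; return mismatch messages."""
    observed = whoami_results(output)
    problems = []
    if len(observed) != len(expected):
        problems.append("expected %d whoami results, saw %d" % (len(expected), len(observed)))
    for i, ((task, host, user), want) in enumerate(zip(observed, expected)):
        if user != want:
            problems.append("#%d %s on %s ran as %r, expected %r" % (i, task, host, user, want))
    return problems
```

An empty list from `check_users` means every task ran as the expected user; a task that ran as `testing` where `root` was expected (or the reverse) shows up as a message naming the task and host.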
