@jimi-c
Last active May 27, 2019 16:51

Playbook:

- hosts: all
  gather_facts: no
  remote_user: root
  roles:
  - { role: test_become_r2, sudo_user: testing }
  tasks:
  - command: whoami
  - command: whoami
    become_user: testing
  - block:
    - command: whoami
  - block:
    - command: whoami
    become_user: testing

The roles are simple, r2 lists r1 as a dependency, and both simply do:

- debug: msg="..."
- command: whoami

Output:

TASK [test_become_r1 : debug msg=this is test_become_r1] ************************
ok: [localhost] => {
    "msg": "this is test_become_r1", 
    "changed": false
}

TASK [test_become_r1 : command] *************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:13:38.894205", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:13:38.891473", "delta": "0:00:00.002732", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

TASK [test_become_r2 : debug msg=this is test_become_r2] ************************
ok: [localhost] => {
    "msg": "this is test_become_r2", 
    "changed": false
}

TASK [test_become_r2 : command] *************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:13:39.465954", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:13:39.463465", "delta": "0:00:00.002489", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.156469", "stdout": "root", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.153427", "delta": "0:00:00.003042", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["root"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.346618", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.344034", "delta": "0:00:00.002584", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.525066", "stdout": "root", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.522358", "delta": "0:00:00.002708", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["root"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.808344", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.805680", "delta": "0:00:00.002664", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

All four whoami commands with become_user specified correctly switched privileges to the specified user. The role specifying sudo_user also switched all of its tasks to the new user (as well as those of its dependencies). This will make grouping commands with common privilege escalation needs much easier!
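
An added example (not part of the original gist): the block-level check above written as a self-verifying playbook, so a privilege-scoping regression fails the run instead of relying on someone reading the whoami output. It assumes a `testing` account exists on the target, and it sets `become: yes` explicitly because in released Ansible versions `become_user` on its own does not enable escalation.

```yaml
# Added example: asserts the effective user inside and outside a block.
# Assumes a local account named "testing" exists on every target host.
- hosts: all
  gather_facts: no
  remote_user: root
  tasks:
  - name: baseline, no escalation requested
    command: whoami
    register: who_plain
    changed_when: false

  - block:
    - name: inherits the become settings of the enclosing block
      command: whoami
      register: who_block
      changed_when: false

    - name: task-level become_user takes precedence over the block value
      command: whoami
      become_user: root
      register: who_override
      changed_when: false
    # Block keywords sit at the same indent as "block:" and apply to
    # every task listed inside it.
    become: yes
    become_user: testing

  - name: after the block, the escalation must not persist
    command: whoami
    register: who_after
    changed_when: false

  - name: fail the play if any task ran as an unexpected user
    assert:
      that:
      - who_plain.stdout == "root"
      - who_block.stdout == "testing"
      - who_override.stdout == "root"
      - who_after.stdout == "root"
```

The `who_after` check is the one that matters most for least privilege: it confirms the identity change is scoped to the block and does not carry over to later tasks.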
