I wanted to validate my logic on something.
If you are sudoing to a user other than root, you have to transfer a module file. For legacy modules it's a module file + an arguments file, but that's simply not true if you are using one of the newer style modules -- just one file to transfer. Easy enough.
When this happens, the initial module file transfer has to happen as YOU, before you sudo.
In this event the file is written into the original user's homedir, as while I can chmod, only root is allowed to chown.
An obvious solution that comes up, which I have rejected, is if sudoing to non-root to write the module file into /tmp, but this is horrible, because there is a brief (sub second) window when it would be manipulable before it is executed. Some sort of way to sign off on this could be added, I guess, but it seems that in doing so we make an unwise decision.
The solution here, as it has been, is to set ANSIBLE_REMOTE_TMP to a directory that both the originating user and the sudo_user, which can be /tmp if you so desire and have chosen to do so. However this variable is used all the time. Perhaps what we really want is something like ANSIBLE_SUDO_NONROOT_TMP? But that seems obscure…
Either way, if you do it wrong, you get a permission denied error, and that usually results in someone wanting to ask a question. As you may know, I like to code around questions so they are self explanatory and don't get asked a lot.
Now, what I could do is look if ANISBLE_REMOTE_TMP is not set by the user, and try to use "/tmp", and print out a big scary warning. I could do that. But I haven't, because I thought this was generally risky.
Thoughts on how to make this smoother? Do we just allow ANSIBLE_SUDO_TO_NON_ROOT_UNSAFELY or something, off by default?
(By the way, we're going to have a config file soon… it will be totally optional. I recognize that we now have too many environment variable thingies, I'll still respect those, but I also don't want to add everything to the CLI either…so… yeah, it will be easy to see what things are easily tweakable without inside knowledge soon enough)
If this is confusing and you've never tried to do this, please ignore me… I know it's probably a reasonably small minority that isn't logging in as them and moving to root, or just being them, or just being root. Sudoing from "bob" to "timmy" is a corner case, but I would like to make it smoother if possible.
--Michael