Can you please help me with the below:
In my org, I am not allowed to use root as a username while elevating my access. I need to use the below commands:
pbrun /bin/su -
I can also use the below:
pbrun -u myusername /bin/su -
Could you please let me know the config I should place in my playbook to achieve this.
I have tried several combinations of the become parameters without luck.
Ansible does not handle 'chaining' of methods .. also it is redundant
to use pbrun and su, you can either get a shell directly or just use
pbrun to execute things the same way su does.
But if you have no control over the settings, you might be able to
'hack' the become_exe settings to use 'pbrun su' and use pbrun or su
as your become_method.
Thanks Brian!
I did try to modify the become.exe settings for prune but it did not resolve my issue. On trying to remove the
-u parameter, I received timeout when ansible tried to execute the resulting command: pbrun /bin/su -
On trying to alter the settings to pbrun -u myusername /bin/su -, the system did not even execute the pbrun block.
Perhaps the answer is that the system sees no sense in using -u parameter with the same username as that of the
remote_username. Unfortunately, that is precisely what I need to achieve to switch to root.
Please let me know if I am missing something or there is anything else I can try out.
I think I am hitting the same issues … some notes here.
Only “pbrun /bin/su -” is allowed. No extra commands. No “pbrun my_command.sh”. I think this breaks ansible assumptions but is probably fixable with a bit of work. Probably need to send all following commands through STDIN (p.poll()/p.communicate etc) but I need to understand more about how ansible works … looks like a bit of a hacky state machine with text based triggers.
how to did you modified the become.exe settings. In my case ansible is executing the command as “pbrun /bin/su - -u suername”. However if if it get executed as “pbrun -u username /bin/su -” then it will be able to switch to root