when I run my playbook I receive the following error:
TASK [java : test task] ************************************************************************
fatal: [dtest08]: FAILED! => changed=true
  module_stderr: |-
    Shared connection to 192.168.40.131 closed.
  module_stdout: |-
    /usr/bin/bash: ucd: No such file or directory
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
  rc: 127
I would expect the become items on the first task to act the same way as the sudo parameters. My question is: what is the best way to run commands as a non-root user that does not have a login shell?
My use case is that I need to install an application via a script file (.sh), and I'm testing with the whoami command since the install script was failing.
Perhaps Bash is at /bin/bash (this is the case on older versions of Debian)? EDIT: Clearly Bash is available at /usr/bin/bash, as your second example showed.
Running with a higher verbosity level (-vvv or higher) should show the actual escalation command that’s run, which may help in figuring out what’s going on.
    -s, --shell
        Run the shell specified by the SHELL environment variable
        if it is set or the shell specified by the invoking user's
        password database entry. If a command is specified, it is
        passed to the shell for execution via the shell's -c option.
        If no command is specified, an interactive shell is
        executed. Note that most shells behave differently when a
        command is specified as compared to an interactive session;
        consult the shell's manual for details.
It does not take an argument, so /usr/bin/bash is interpreted by sudo as a positional argument, and due to the different placement of -u ucd in Ansible’s version of the command you get the output that you showed.
Ansible’s sudo usage does not invoke the shell from the user’s password database entry by default, so all you should need to do is specify become_user and not mess with the flags.
- hosts: localhost
  become: true   # become_user has no effect unless escalation is enabled (here, or via -b / ansible.cfg)
  tasks:
    - command: whoami
      become_user: mail
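To make the point above concrete, here is an added example (not posted in this thread) that puts the failing configuration next to the working one and then runs an install script as the unprivileged account. The host group java_hosts, the user ucd, the script path /opt/ucd/install.sh and the marker file /opt/ucd/.installed are assumptions chosen for the example, and the become_flags on the first task are my reconstruction of what the question's first task must have contained.

```yaml
# Added example, not from the original thread. Assumed names: host group
# "java_hosts", target account "ucd" (login shell /usr/sbin/nologin),
# install script /opt/ucd/install.sh, marker file /opt/ucd/.installed.
- hosts: java_hosts
  become: true            # enables escalation; become_user alone does nothing
  tasks:
    # Fails (kept only to document the failure mode; delete it before use).
    # "-s" takes no argument, so sudo treats "/usr/bin/bash" as the command
    # to run, and with Ansible's own "-u ucd" placed later on the line the
    # task name ends up being passed to the shell as a file to execute:
    #   /usr/bin/bash: ucd: No such file or directory   (rc=127)
    # The become_flags value is an assumption about the original task.
    - name: whoami with become_flags (fails)
      command: whoami
      become_user: ucd
      become_flags: "-s /usr/bin/bash"
      ignore_errors: true

    # Works: no become_flags. Ansible's sudo become method runs
    # non-interactively (its default flags are "-H -S -n"), and
    # non-interactive sudo does not consult the target account's login
    # shell, so /usr/sbin/nologin is irrelevant.
    - name: Confirm the effective user
      command: whoami
      become_user: ucd
      register: who
      changed_when: false

    # Fail early if escalation did not land on the intended account;
    # running the vendor script as the wrong user is the real risk here.
    - name: Verify we are running as ucd
      assert:
        that: who.stdout == "ucd"
        fail_msg: "expected ucd, got {{ who.stdout }}"

    # Run the installer the same way: as the application account rather
    # than root (least privilege), with the interpreter named explicitly
    # so neither the executable bit nor a login shell is required.
    # "creates" makes the task idempotent on re-runs.
    - name: Run the install script as ucd
      command: /bin/bash /opt/ucd/install.sh
      args:
        creates: /opt/ucd/.installed
      become_user: ucd
```

If you want to see exactly what sudo line Ansible builds for each task, run the play with -vvv as suggested above; the failing task's command line shows /usr/bin/bash sitting where sudo expects the command, while the working task's shows only the module invocation after -u ucd.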
Removing the become_flags from the task worked. I just assumed (I know I shouldn’t assume) that since I need to do that on the command line, I would need to do that here with ansible.
You also don’t need to do that on the command line.
ec2-user@pandora ansible $ sudo -u mail whoami
mail
You do need either -s or to specify a shell as the command (both together works, but unnecessarily spawns two shells) if you want an interactive session, but noninteractive sudo execution doesn’t invoke the user’s shell.
ec2-user@pandora ansible $ sudo -u mail -i
This account is currently not available.
ec2-user@pandora ~ $ sudo -u mail -s
bash-5.1$
exit
ec2-user@pandora ~ $ sudo -u mail /bin/dash
$