Sorry, user xxxxx is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS

Sorry if this has been posted and answered, but I find nothing while searching. I’m attempting to connect to my AIX server but can’t sudo.

Here’s my sudo setup.

xxxxx ALL=(ALL) /usr/bin/su -,/usr/bin/su -

GATHERING FACTS ***************************************************************
<aixserver.com> ESTABLISH CONNECTION FOR USER: userXX
<aixserver.com> REMOTE_MODULE setup CHECKMODE=True
<aixserver.com> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/userXX/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 aixserver.com /bin/sh -c 'mkdir -p /tmp/ansible-tmp-1457568234.68-267839190034318 && chmod a+rx /tmp/ansible-tmp-1457568234.68-267839190034318 && echo /tmp/ansible-tmp-1457568234.68-267839190034318'
<aixserver.com> PUT /tmp/tmpMNXTOm TO /tmp/ansible-tmp-1457568234.68-267839190034318/setup
<aixserver.com> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/userXX/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 aixserver.com /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=stujpsrxsgjiigrjvzefkwkrkuvaxyhs] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-stujpsrxsgjiigrjvzefkwkrkuvaxyhs; LANG=C LC_CTYPE=C /usr/bin/python /tmp/ansible-tmp-1457568234.68-267839190034318/setup; rm -rf /tmp/ansible-tmp-1457568234.68-267839190034318/ >/dev/null 2>&1'"'"''
failed: [aixserver.com] => {"failed": true, "parsed": false}

Sorry, user userXX is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS-stujpsrxsgjiigrjvzefkwkrkuvaxyhs; LANG=C LC_CTYPE=C /usr/bin/python /tmp/ansible-tmp-1457568234.68-267839190034318/setup; rm -rf /tmp/ansible-tmp-1457568234.68-267839190034318/ >/dev/null 2>&1' as root on ti1wps2.
debug1: mux_client_request_session: master session id: 2
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
Shared connection to aixserver.com closed.

TASK: [iib-bin | Change Directory to $IIB_ROOT_INSTALL] ***********************
FATAL: no hosts matched or all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
to retry, use: --limit @/home/userXX/site.retry

aixserver.com : ok=0 changed=0 unreachable=0 failed=1

Ansible needs to be able to run ‘ALL’ commands…

so:

xxxx ALL=(ALL) ALL

As it doesn’t run su or anything directly, but runs python which exec’s stuff later.

Mark
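
An added illustration, not part of any post in this thread and not Ansible or sudo code: a simplified Python model of how sudo matches a command against a sudoers command list, showing why the wrapped `/bin/sh -c ...` command from the log is refused under the `su -` rule and accepted under `ALL`. The function names are hypothetical, the refusal line is constructed from the log above with the key and temp path shortened, and negation, aliases and escaped commas are not modeled.

```python
import fnmatch
import re

# Constructed from the thread: the two sudoers command lists and a shortened refusal line.
RESTRICTED = "/usr/bin/su -,/usr/bin/su -"
OPEN = "ALL"
REFUSAL = (
    "Sorry, user userXX is not allowed to execute "
    "'/bin/sh -c echo BECOME-SUCCESS-KEY; LANG=C LC_CTYPE=C /usr/bin/python "
    "/tmp/ansible-tmp-1/setup; rm -rf /tmp/ansible-tmp-1/ >/dev/null 2>&1' "
    "as root on host."
)

def refused_command(line):
    """Return (path, args) of the command sudo refused, or None if no match."""
    m = re.search(r"is not allowed to execute '(.*)' as (\S+) on ", line)
    if not m:
        return None
    path, _, args = m.group(1).partition(" ")
    return path, args

def spec_allows(spec, path, args):
    """Simplified model of one sudoers command spec (assumption: no '!' or aliases)."""
    spec = spec.strip()
    if spec == "ALL":
        return True
    spec_path, _, spec_args = spec.partition(" ")
    spec_args = spec_args.strip()
    if not fnmatch.fnmatchcase(path, spec_path):
        return False
    if not spec_args:
        return True          # no arguments in the spec: any arguments are accepted
    if spec_args == '""':
        return args == ""    # "" in the spec: the command must have no arguments
    return fnmatch.fnmatchcase(args, spec_args)  # otherwise the arguments must match

def allowed(cmnd_list, path, args):
    """True if any spec in the comma-separated command list permits the command."""
    return any(spec_allows(s, path, args) for s in cmnd_list.split(","))

if __name__ == "__main__":
    path, args = refused_command(REFUSAL)
    print("sudo was asked to run:", path)
    print("allowed by su-only rule:", allowed(RESTRICTED, path, args))
    print("allowed by ALL rule:   ", allowed(OPEN, path, args))
```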

What about cases where you can’t have ALL in the sudoers?

For example, I can’t execute /bin/sh with sudo. Is there any way to make the module not execute /bin/sh first? Just execute the commands without /bin/sh in the beginning?

Only with ‘raw’; every other module needs a shell and an interpreter (normally Python). Ansible does not execute shell commands directly in most cases, but a script.