"sudo su user" and "sudo bash" for privilege escalation

In our org, privileged access is provided in the following way

For switching to the root user on DEV boxes,

sudo bash

For executing specific sudo commands, prefix sudo to the command. Example:
sudo yum install git

For switching to a different user account, use sudo su
sudo su username

I know that ansible doesn’t support this chaining very well (at least with old versions)

I’m currently using the below custom su_exe script to support this

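#!/bin/sh
# $1 is the target user passed in by Ansible
if [ "$1" = "root" ]; then
    # get rid of "root -c"
    shift 2
    sudo bash -c "$@"
else
    # any other user: hand the arguments to su unchanged
    sudo su "$@"
fi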

I have the below configuration in ansible.cfg

[defaults]
executable = /bin/bash
host_key_checking = False
su_exe = ~/su.sh

The playbook copies su.sh (the su executable) to the user’s home directory before triggering any task which has su set to yes

Are there any possible flaws in the way I’m trying to do this? Since su and sudo are deprecated, is there a way to do something similar using Ansible’s become? I’m currently using ansible-1.9.4-1.el6.noarch and I’m looking for a better way to accomplish the same :slight_smile:
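On the flaws question, an added example (not part of the original post): a stricter form of the wrapper that refuses anything other than `<user> -c <command>`, so extra words cannot become positional parameters of `bash -c` and a user name cannot be read as an option by `su`. It assumes Ansible invokes `su_exe` as `<user> -c "<command>"`, as the comment in the posted script implies; `su_wrapper`, `show_argv`, `run_or_show` and `SU_DRY_RUN` are hypothetical names.

```shell
#!/bin/sh
# Added example: stricter variant of the su.sh wrapper with a dry-run mode.
# Assumption (from the comment in the posted script): Ansible calls su_exe as
#   su.sh <user> -c "<command string>"

# Print every argument as <arg> on its own line so word boundaries are visible.
show_argv() {
    for a in "$@"; do printf '<%s>\n' "$a"; done
}

# Run the argv, or only display it when SU_DRY_RUN=1 (hypothetical variable).
run_or_show() {
    if [ "${SU_DRY_RUN:-0}" = "1" ]; then show_argv "$@"; else exec "$@"; fi
}

su_wrapper() {
    # Accept exactly <user> -c <command>; anything else is refused, so stray
    # arguments can never become positional parameters of "bash -c".
    if [ "$#" -ne 3 ] || [ "$2" != "-c" ]; then
        echo "usage: su.sh <user> -c <command>" >&2
        return 64
    fi
    user=$1
    cmd=$3
    # Refuse empty names, names starting with "-" (read as options by su),
    # and names with characters outside a conservative allow-list.
    case $user in
        ''|-*|*[!A-Za-z0-9_.-]*)
            echo "su.sh: refusing user name" >&2
            return 65 ;;
    esac
    if [ "$user" = "root" ]; then
        run_or_show sudo bash -c "$cmd"       # org policy: root via "sudo bash"
    else
        run_or_show sudo su "$user" -c "$cmd" # org policy: others via "sudo su"
    fi
}

# Act as a drop-in su.sh only when arguments are given.
if [ "$#" -gt 0 ]; then
    su_wrapper "$@"
fi
```

Running it with `SU_DRY_RUN=1` prints the exact argv that would be handed to sudo, which makes the quoting visible before `su_exe` is pointed at it.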