In our org, privileged access is provided in the following way
For switching to the root user on DEV boxes,
sudo bash
For executing specific sudo commands, prefix sudo to the command. Example:
sudo yum install git
For switching to a different user account, use sudo su
sudo su username
I know that ansible doesn’t support this chaining very well (at least with old versions).
I’m currently using the below custom su_exe script to support this:
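#!/bin/sh
# $1 is the target user; quote it and use "=" so the test works under /bin/sh
if [ "$1" = "root" ]; then
    # get rid of "root -c", leaving only the command string
    shift 2
    sudo bash -c "$@"
else
    # pass "<user> -c <command>" through to su unchanged
    sudo su "$@"
fi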
I have the below configuration in ansible.cfg
[defaults]
executable = /bin/bash
host_key_checking = False
su_exe = ~/su.sh
The playbook copies su.sh (the su executable) to the user’s home directory before triggering any task which has su set to yes.
Are there any possible flaws in the way I’m trying to do this? Since su and sudo are deprecated, is there a way to do something similar using Ansible’s become? I’m currently using ansible-1.9.4-1.el6.noarch and I’m looking for a better way to accomplish the same.
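The dispatch that the wrapper in this post performs, written with argument checks as an added example (it is not the poster's script and not Ansible code). It assumes Ansible calls su_exe as "<user> -c <command>", which is what the script's "shift 2" implies; build_cmd and run_cmd are hypothetical names.

```shell
#!/bin/sh
# Added example; build_cmd and run_cmd are hypothetical names.
# Assumption: Ansible calls su_exe as  <user> -c <command>.

# Print the argv that would be executed, one argument per line, so the
# dispatch can be checked on a machine without sudo.
build_cmd() {
    if [ "$#" -ne 3 ] || [ "$2" != "-c" ]; then
        printf '%s\n' "usage: su_exe <user> -c <command>" >&2
        return 2
    fi
    user=$1
    cmd=$3
    case $user in
        ''|-*|*[!A-Za-z0-9_.-]*)
            # Empty, option-like or oddly spelled names are refused so
            # that su/sudo never parse the "user" as a flag.
            printf '%s\n' "su_exe: refusing user name: $user" >&2
            return 2
            ;;
    esac
    if [ "$user" = "root" ]; then
        # Root access is granted through "sudo bash" in the post.
        printf '%s\n' sudo bash -c "$cmd"
    else
        # Other accounts are reached through "sudo su <user>".
        printf '%s\n' sudo su "$user" -c "$cmd"
    fi
}

# Validate with build_cmd, then replace this process with the command.
run_cmd() {
    build_cmd "$@" >/dev/null || return
    if [ "$1" = "root" ]; then
        exec sudo bash -c "$3"
    else
        exec sudo su "$1" -c "$3"
    fi
}

# Act as the su executable only when called with arguments.
if [ "$#" -gt 0 ]; then
    run_cmd "$@"
fi
```

Calling build_cmd directly shows what a given task would run before the script is copied to any host.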