![]() Telling ansible ask for the password has the security advantage that only people who know what is the password can execute codeīut it can be a bit inconvenient on the long run. I guess if the passwords were different on the two machines then it will notice this and ask for the other password as well. It asks for the SUDO password and then uses that on both machines. $ ansible -i inventory.cfg all -a "grep ^root: /etc/shadow" -b -K We can use the -K or -ask-become-pass flag to tell Ansible to ask for the sudo password. "module_stdout": "sudo: a password is required\r\n", It tries to use sudo but fails because sudo needs a password. $ ansible -i inventory.cfg all -a "grep ^root: /etc/shadow" -b The "other" can be configured, but defaults to root which is rather convenient. Only user root can read the /etc/shadow file.Īdding the -b or -become flag tells Ansible to become another user on the remote server. Grep: /etc/shadow: Permission deniednon-zero return code $ ansible -i inventory.cfg all -a "grep ^root: /etc/shadow" ![]() The point is, that only user root has the rights to do this. We just want to display the information about user root in the /etch/shadow file using grep. This is not very sophisticated or useful command. Let's check if we can use Ansible at all. We are running on our manager machine as user foo and we are accessing the remote machine as user foo. We can login as an unprivileged user and then use sudo without providing a password.Īnsible_python_interpreter=/usr/bin/python3 We can login as an unprivileged user and then use sudo after providing the password of the user. We can log in to the remote server as user root using ssh keys. We can log in to the remote server as user root providing password on each login. Some of our options to execute commands as root
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |