Edit current user's shell with ansible

Question

I'm trying yo push my dot files and some personal configuration files to a server (I'm not root or sudoer). Ansible connects as my user in order to edit files in my home folder.

I'd like to set my default shell to usr/bin/fish. I am not allowed to edit /etc/passwd so

user:
  name: shaka
  shell: /usr/bin/fish

won't run.

I also checked the chsh command but the executable prompt for my password.

How could I change my shell on such machines ? (Debian 8, Ubuntu 16, Opensuse)

score 24 · Answer 1 · answered Jan 12 '20 at 04:45

I know this is old, but I wanted to post this in case anyone else comes back here looking for advise like I did:

If you're running local playbooks, you might not be specifying the user and expecting to change the shell of user you're running the playbook as.

The problem is that you can't change the shell without elevating the privileges (become: yes), but when you do - you're running things as root. Which just changes the shell of the root user. You can double check that this is the case by looking at /etc/passwd and seeing what the root shell is.

Here's my recipe for changing the shell of the user running the playbook:

- name: set up zsh for user
  hosts: localhost
  become: no
  vars:
    the_user: "{{ ansible_user_id }}"
  tasks:
    - name: change user shell to zsh 
      become: yes
      user:
        name: "{{ the_user }}"
        shell: /bin/zsh

This will set the variable the_user to the current running user, but will change the shell of that user using root.

OP says that they do not have root/sudo privileges, so using `become` is useless to them. Nice answer despite that! — Jivan Pal, Nov 26 '22 at 19:11

score 8 · Accepted Answer · answered Dec 22 '17 at 23:26

I ended up using two ansible modules :

ansible expect
ansible prompt

First I record my password with a prompt :

vars_prompt:
  - name: "my_password"
    prompt: "Enter password"
    private: yes

And then I use the module expect to send the password to the chsh command :

tasks:
  - name: Case insensitve password string match
    expect:
      command: "chsh -s /usr/bin/fish"
      responses:
        (?i)password: "{{ my_password }}"
      creates: ".shell_is_fish"

The creates sets a lock file avoiding this task to be triggered again. This may be dangerous because the shell could be changed after and ansible will not update it (because of the lock still present). You may want to avoid this behaviour.

score 4 · Answer 3 · edited Nov 23 '21 at 12:26

4

Here is how I do it:

- name: Set login shell of user {{ ansible_env.USER }} to `/bin/zsh` with `usermod`
  ansible.builtin.command: usermod --shell /bin/zsh {{ ansible_env.USER }}
  become: true
  changed_when: false

edited Nov 23 '21 at 12:26

pflakus

99
6

answered Sep 08 '21 at 12:06

trallnag

2,041
1
17
33

score -14 · Answer 4 · answered Apr 22 '17 at 19:48

-14

Ubuntu 16

add first line in ~/.bashrc

/usr/bin/fish && exit

answered Apr 22 '17 at 19:48

quest

1

7

This does not answer the question at all. Even if someone wanted to change his shell, you would use `chsh`. This is a total dirty hack. – mbuechmann Dec 17 '18 at 17:39

Edit current user's shell with ansible

4 Answers4