Can't use Ansible become on a restricted sudoer user

Question

On my server, I have a sudoer user granted to only run chown in passwordless mode.

so, when I run

  sudo chown mytargetuser:mytargetgroup /my/path

it works. However when I try to do the same in an Ansible playbook :

  tasks:
  - name: change folder ownership
    become: yes
    become_user: root
    become_method: sudo
    file:
      path: "/my/path"
      owner: mytargetuser
      group: mytargetgroup

Ansible returns this error :

 FAILED! => {"changed": false, "module_stderr": "", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

when using directly the shell module works too:

  - name: test via script
    shell : sudo chown mytargetuser:mytargetgroup /my/path

Is there an integrated way to include this behaviour in a playbook or should I remain with my last solution using the shell plugin ?

Regards,

Christophe

Please see this other answer: it's not possible: https://stackoverflow.com/questions/56717879/ansible-behavior-to-specific-sudo-commands-on-managed-nodes — Augusto, Oct 31 '19 at 14:03
please feel free to delete this question. Unfortunately, I cannot mark this one as a duplicate as the other answer is not accepted or upvoted ... — Augusto, Nov 01 '19 at 10:45
No luck, when I try to delete this question, I have the message : An error has occurred - please retry your request. — Christophe SEBILLE, Nov 04 '19 at 17:41

score 0 · Answer 1 · answered Oct 31 '19 at 13:49

0

Pass -K after playbook execution command for become password.

eg, > ansible-playbook sample.yml -K

answered Oct 31 '19 at 13:49

Kandasamy Murugan

105
1
9

Can't use Ansible become on a restricted sudoer user

1 Answers1