archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
stable-2.15
devel
stable-2.16
stable-2.14
stable-2.18
stable-2.17
milestone
stable-2.12
stable-2.13
stable-2.9
stable-2.11
stable-2.3
stable-2.10
stable-2.8
stable-2.4
stable-2.5
stable-2.6
stable-2.7
temp-2.10-devel
mazer_role_loader
stable-2.2
threading_plus_forking
threading_instead_of_forking
stable-2.1
stable-1.9
stable-2.0
stable-2.0.0.1
stable-2.0-network
release1.8.4
release1.8.3
release1.8.2
release1.8.1
release1.8.0
release1.7.2
release1.7.1
release1.7.0
release1.6.8
release1.6.10
release1.6.9
release1.6.7
release1.6.6
release1.6.5
release1.6.4
release1.6.3
release1.6.2
release1.6.1
release1.6.0
release1.5.5
release1.5.4
release1.5.3
release1.5.2
release1.5.1
release1.5.0
v2.14.3
v2.13.8
v2.14.3rc1
v2.13.8rc1
v2.14.2
v2.14.2rc1
v2.14.1
v2.13.7
v2.13.7rc1
v2.14.1rc1
v2.13.6
v2.14.0
v2.14.0rc2
v2.13.6rc1
v2.14.0rc1
v2.14.0b3
v2.13.5
v2.12.10
v2.14.0b2
v2.13.5rc1
v2.12.10rc1
v2.14.0b1
v2.12.9
v2.13.4
v2.13.4rc1
v2.12.9rc1
v2.13.3
v2.12.8
v2.12.8rc1
v2.13.3rc1
v2.13.2
v2.13.2rc1
v2.12.7
v2.13.1
v2.12.7rc1
v2.13.1rc1
v2.12.6
v2.11.12
v2.12.6rc1
v2.11.12rc1
v2.13.0
v2.13.0rc1
v2.13.0b1
v2.12.5
v2.11.11
v2.12.5rc1
v2.11.11rc1
v2.13.0b0
v2.12.4
v2.11.10
v2.12.4rc1
v2.11.10rc1
v2.11.9
v2.12.3
v2.12.3rc1
v2.11.9rc1
v2.12.2
v2.11.8
v2.10.17
v2.12.2rc1
v2.11.8rc1
v2.10.17rc1
v2.12.1
v2.11.7
v2.10.16
v2.10.16rc1
v2.11.7rc1
v2.12.1rc1
v2.12.0
v2.12.0rc1
v2.12.0b2
v2.11.6
v2.10.15
v2.9.27
v2.9.27rc1
v2.10.15rc1
v2.11.6rc1
v2.12.0b1
v2.11.5
v2.10.14
v2.9.26
v2.11.5rc1
v2.10.14rc1
v2.9.26rc1
v2.11.4
v2.10.13
v2.9.25
v2.9.25rc1
v2.10.13rc1
v2.11.4rc1
v2.11.3
v2.10.12
v2.9.24
v2.11.3rc1
v2.10.12rc1
v2.9.24rc1
v2.9.23
v2.10.11
v2.11.2
v2.11.2rc1
v2.10.11rc1
v2.9.23rc1
v2.11.1
v2.10.10
v2.9.22
v2.9.22rc1
v2.10.10rc1
v2.11.1rc1
v2.10.9
v2.9.21
v2.10.9rc1
v2.9.21rc1
v2.11.0
v2.8.20
v2.9.20
v2.10.8
v2.11.0rc2
v2.8.20rc1
v2.9.20rc1
v2.10.8rc1
v2.11.0rc1
stable-2.11-branchpoint
v2.11.0b4
v2.11.0b3
v2.11.0b2
v2.10.7
v2.9.19
v2.10.7rc1
v2.9.19rc1
v2.11.0b1
v2.8.19
v2.9.18
v2.10.6
v2.8.19rc1
v2.9.18rc1
v2.10.6rc1
v2.9.17
v2.10.5
v2.10.5rc1
v2.9.17rc1
v2.8.18
v2.9.16
v2.10.4
v2.8.18rc1
v2.9.16rc1
v2.10.4rc1
v2.8.17
v2.9.15
v2.10.3
v2.8.17rc1
v2.9.15rc1
v2.10.3rc1
v2.10.2
v2.9.14
v2.8.16
v2.8.16rc1
v2.9.14rc1
v2.10.2rc1
v2.10.1
v2.10.1rc3
v2.10.1rc2
v2.8.15
v2.9.13
v2.10.0
v2.9.12
v2.8.14
v2.10.0rc4
v2.10.0rc3
v2.10.0rc2
v2.10.0rc1
v2.9.11
v2.8.13
v2.9.10
v2.10.0b1
stable-2.10-branchpoint
v2.9.9
v2.7.18
v2.8.12
v2.9.8
v2.9.7
v2.8.11
v2.7.17
pre-ansible-base
v2.8.10
v2.8.9
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.8.8
v2.7.16
v2.9.2
v2.9.1
v2.8.7
v2.7.15
v2.9.0
v2.9.0rc5
v2.8.6
v2.7.14
v2.9.0rc4
v2.6.20
v2.9.0rc3
v2.9.0rc2
v2.9.0rc1
v2.8.5
v2.9.0b1
stable-2.9-branchpoint
v2.6.19
v2.7.13
v2.8.4
v2.8.3
v2.6.18
v2.7.12
v2.8.2
v2.8.1
v2.7.11
v2.6.17
v2.8.0
v2.8.0rc3
v2.8.0rc2
v2.8.0rc1
v2.8.0b1
v2.8.0a1
v2.6.16
v2.7.10
v2.6.15
v2.7.9
v2.7.8
v2.6.14
v2.5.15
v2.7.7
v2.6.13
v2.6.12
v2.7.6
v2.5.14
v2.7.5
v2.6.11
v2.6.10
v2.7.4
v2.5.13
v2.7.3
v2.6.9
v2.5.12
v2.6.8
v2.7.2
v2.6.7
v2.5.11
v2.7.1
v2.6.6
v2.7.0
v2.6.5
v2.7.0rc4
v2.5.10
v2.7.0rc3
v2.7.0rc2
v2.5.9
v2.6.4
v2.7.0rc1
v2.7.0b1
v2.7.0.a1
v2.6.3
v2.5.8
v2.6.2
v2.5.7
v2.6.1
v2.5.6
v2.4.6.0-1
v2.6.0
v2.6.0rc5
v2.6.0rc4
v2.4.5.0-1
v2.6.0rc3
v2.5.5
v2.4.5.0-0.1.rc1
v2.6.0rc2
v2.6.0rc1
v2.5.4
v2.6.0a2
v2.6.0a1
v2.5.3
v2.5.2
v2.5.1
v2.4.4.0-1
v2.4.4.0-0.3.rc2
v2.5.0
v2.5.0rc3
v2.5.0rc2
v2.4.4-0.2.rc1
v2.3.4.0-0.1.rc1
v2.5.0rc1
v2.4.4-0.1.beta1
v2.5.0b1
v2.5.0a1
v2.4.3.0-1
v2.4.3.0-0.6.rc3
v2.4.3.0-0.5.rc2
v2.4.3.0-0.4.rc1
v2.4.3-0.3.beta3
v2.4.3.0-0.2.beta2
v2.3.3.0-1
v2.4.3.0-0.1.beta1
v2.4.2.0-1
v2.4.2.0-0.5.rc1
v2.4.2.0-0.4.beta4
v2.3.3.0-0.3.rc3
v2.4.2.0-0.3.beta3
v2.4.2.0-0.2.beta2
v2.4.2.0-0.1.beta1
v2.4.1.0-1
v2.4.1.0-0.4.rc2
v2.3.3.0-0.2.rc2
v2.4.1.0-0.3.rc1
v2.4.1.0-0.2.beta2
v2.3.3.0-0.1.rc1
v2.4.1.0-0.1.beta1
v2.4.0.0-1
v2.4.0.0-0.5.rc5
v2.4.0.0-0.4.rc4
v2.4.0.0-0.3.rc3
v2.4.0.0-0.2.rc2
v2.4.0.0-0.1.rc1
v2.3.2.0-1
v2.3.2.0-0.5.rc5
v2.3.2.0-0.4.rc4
v2.3.2.0-0.3.rc3
v2.3.2.0-0.2.rc2
v2.3.2.0-0.1.rc1
v2.1.6.0-1
v2.3.1.0-1
v2.3.1.0-0.2.rc2
v2.2.3.0-1
v2.1.6.0-0.1.rc1
v2.3.1.0-0.1.rc1
v2.3.0.0-1
v2.3.0.0-0.6.rc6
v2.3.0.0-0.5.rc5
v2.3.0.0-0.4.rc4
v2.2.3.0-0.1.rc1
v2.3.0.0-0.3.rc3
v2.3.0.0-0.2.rc2
v2.2.2.0-1
v2.1.5.0-1
v2.3.0.0-0.1.rc1
v2.1.5.0-0.2.rc2
v2.2.2.0-0.2.rc2
v2.1.5.0-0.1.rc1
v2.2.2.0-0.1.rc1
v2.1.4.0-1
v2.2.1.0-1
v2.1.4.0-0.3.rc3
v2.2.1.0-0.5.rc5
v2.1.4.0-0.2.rc2
v2.2.1.0-0.4.rc4
v2.1.4.0-0.1.rc1
v2.2.1.0-0.3.rc3
v2.2.1.0-0.2.rc2
v2.2.1.0-0.1.rc1
v2.1.3.0-1
v2.2.0.0-1
v2.2.0.0-0.4.rc4
v2.1.3.0-0.3.rc3
v2.1.3.0-0.2.rc2
v2.2.0.0-0.3.rc3
v2.1.3.0-0.1.rc1
v2.2.0.0-0.2.rc2
v2.2.0.0-0.1.rc1
v2.1.2.0-1
v2.1.2.0-0.5.rc5
v2.1.2.0-0.4.rc4
v2.1.2.0-0.3.rc3
v2.1.2.0-0.2.rc2
v2.1.2.0-0.1.rc1
v2.1.1.0-1
v2.1.1.0-0.5.rc5
v2.1.1.0-0.4.rc4
v2.1.1.0-0.3.rc3
v2.1.1.0-0.2.rc2
v2.1.1.0-0.1.rc1
v2.1.0.0-1
v2.1.0.0-0.4.rc4
v2.1.0.0-0.2.rc2
v2.1.0.0-0.3.rc3
v2.1.0.0-0.1.rc1
v2.0.2.0-1
v1.9.6-1
v2.0.2.0-0.4.rc4
v2.0.2.0-0.3.rc3
v1.9.6-0.1.rc1
v2.0.2.0-0.2.rc2
v2.0.2.0-0.1.rc1
v1.9.5-1
v1.9.5-0.1.rc1
v2.0.1.0-1
v2.0.1.0-0.2.rc2
v2.0.1.0-0.1.rc1
v2.0.0.2-1
v2.0.0.1-1
v2.0.0.0-1
v2.0.0-0.9.rc4
v2.0.0-0.8.rc3
v2.0.0-0.7.rc2
v2.0.0-0.6.rc1
v2.0.0-0.5.beta3
v2.0.0-0.4.beta2
v1.9.4-1
v2.0.0-0.3.beta1
v1.9.4-0.3.rc3
v1.9.4-0.2.rc2
v1.9.4-0.1.rc1
v2.0.0-0.2.alpha2
v1.9.3-1
v2.0.0-0.1.alpha1
v1.9.3-0.3.rc3
v1.9.3-0.2.rc2
v1.9.3-0.1.rc1
v1.9.2-1
v1.9.2-0.2.rc2
v1_last
v1.9.2-0.1.rc1
v1.9.1-1
v1.9.1-0.4.rc4
v1.9.1-0.3.rc3
v1.9.1-0.2.rc2
v1.9.1-0.1.rc1
v1.9.0.1-1
v1.9.0-2
v1.9.0-1
v1.9.0-0.2.rc2
v1.9.0-0.1.rc1
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.2
v1.7.1
v1.7.0
v1.6.10
v1.6.9
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2
v1.1
v1.0
0.8
0.7.2
0.7
0.6
0.5
0.4.1
0.4
0.3.1
0.3
0.01
0.0.1
0.0.2
0.7.1
v0.9
v2.13.10
v2.13.10rc1
v2.13.11
v2.13.11rc1
v2.13.12
v2.13.12rc1
v2.13.13
v2.13.13rc1
v2.13.9
v2.13.9rc1
v2.14.10
v2.14.10rc1
v2.14.11
v2.14.11rc1
v2.14.12
v2.14.12rc1
v2.14.13
v2.14.14
v2.14.14rc1
v2.14.15
v2.14.15rc1
v2.14.16
v2.14.16rc1
v2.14.17
v2.14.17rc1
v2.14.18
v2.14.18rc1
v2.14.4
v2.14.4rc1
v2.14.5
v2.14.5rc1
v2.14.6
v2.14.6rc1
v2.14.7
v2.14.7rc1
v2.14.8
v2.14.8rc1
v2.14.9
v2.14.9rc1
v2.15.0
v2.15.0b1
v2.15.0b2
v2.15.0b3
v2.15.0rc1
v2.15.0rc2
v2.15.1
v2.15.10
v2.15.10rc1
v2.15.11
v2.15.11rc1
v2.15.12
v2.15.12rc1
v2.15.13
v2.15.13rc1
v2.15.1rc1
v2.15.2
v2.15.2rc1
v2.15.3
v2.15.3rc1
v2.15.4
v2.15.4rc1
v2.15.5
v2.15.5rc1
v2.15.6
v2.15.6rc1
v2.15.7
v2.15.7rc1
v2.15.8
v2.15.9
v2.15.9rc1
v2.16.0
v2.16.0b1
v2.16.0b2
v2.16.0rc1
v2.16.1
v2.16.10
v2.16.10rc1
v2.16.11
v2.16.11rc1
v2.16.12
v2.16.12rc1
v2.16.13
v2.16.13rc1
v2.16.1rc1
v2.16.2
v2.16.3
v2.16.3rc1
v2.16.4
v2.16.4rc1
v2.16.5
v2.16.5rc1
v2.16.6
v2.16.7
v2.16.7rc1
v2.16.8
v2.16.8rc1
v2.16.9
v2.16.9rc1
v2.17.0
v2.17.0b1
v2.17.0rc1
v2.17.0rc2
v2.17.1
v2.17.1rc1
v2.17.2
v2.17.2rc1
v2.17.2rc2
v2.17.3
v2.17.3rc1
v2.17.4
v2.17.4rc1
v2.17.5
v2.17.5rc1
v2.17.6
v2.17.6rc1
v2.18.0
v2.18.0b1
v2.18.0rc1
v2.18.0rc2
v2.5.0b2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7ba790bbaf'
${ noResults }
ansible/docsite/rst/become.rst

92 lines
4.1 KiB
ReStructuredText
Raw Normal View History Unescape Escape

minor fix to become docs
9 years ago
Become (Privilege Escalation)
+++++++++++++++++++++++++++++
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
Ansible can use existing privilege escalation systems to allow a user to execute tasks as another.
.. contents:: Topics
Become
``````
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
Ansible allows you 'become' another user, different from the user that logged into the machine (remote user). This is done existing
privilege escalation tools, which you probably already use or have configured, like 'sudo', 'su', 'pfexec', 'doas', 'pbrun' and others.
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
.. note:: Before 1.9 Ansible mostly allowed the use of `sudo` and a limited use of `su` to allow a login/remote user to become a different user
and execute tasks, create resources with the 2nd user's permissions. As of 1.9 `become` supersedes the old sudo/su, while still being backwards compatible.
This new system also makes it easier to add other privilege escalation tools like `pbrun` (Powerbroker), `pfexec` and others.
clarified become options do not imply others fixes #14635
9 years ago
.. note:: Setting any var or directive makes no implications on the values of the other related directives, i.e. setting become_user does not set become.
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
Directives
-----------
These can be set from play to task level, but are overriden by connection variables as they can be host specific.
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
become
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
set to 'true'/'yes' to activate privilege escalation.
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
become_user
clarified become options do not imply others fixes #14635
9 years ago
set to user with desired privileges, the user you 'become', NOT the user you login as. Does NOT imply `become: yes`, to allow it to be set at host level.
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
become_method
Add become support for OpenBSD doas
9 years ago
at play or task level overrides the default method set in ansible.cfg, set to 'sudo'/'su'/'pbrun'/'pfexec'/'doas'
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
Connection variables
--------------------
Each allows you to set an option per group and/or host, these are normally defined in inventory but can be used as normal variables.
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
ansible_become
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
equivalent of the become directive, decides if privilege escalation is used or not.
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
ansible_become_method
allows to set privilege escalation method
ansible_become_user
clarified become options do not imply others fixes #14635
9 years ago
allows to set the user you become through privilege escalation, does not imply `ansible_become: True`
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
ansible_become_pass
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
allows you to set the privilege escalation password
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
New command line options
Fix title underline for rst
10 years ago
------------------------
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
--ask-become-pass, -K
ask for privilege escalation password, does not imply become will be used
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
--become, -b
Fixed a few typos in the become documentation
10 years ago
run operations with become (no password implied)
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
--become-method=BECOME_METHOD
privilege escalation method to use (default=sudo),
Add become support for OpenBSD doas
9 years ago
valid choices: [ sudo | su | pbrun | pfexec | doas ]
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
--become-user=BECOME_USER
clarified become options do not imply others fixes #14635
9 years ago
run operations as this user (default=root), does not imply --become/-b
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
For those from Pre 1.9 , sudo and su still work!
------------------------------------------------
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
For those using old playbooks will not need to be changed, even though they are deprecated, sudo and su directives, variables and options
will continue to work. It is recommended to move to become as they may be retired at one point.
fix typo
9 years ago
You cannot mix directives on the same object (become and sudo) though, Ansible will complain if you try to.
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
revamped become page its not only for the 'upgrade from 1.8' anymore, become is the official way to do things and now presents as such, no need to know about previous options, but still keep info there for those that were using them..
9 years ago
Become will default to using the old sudo/su configs and variables if they exist, but will override them if you specify any of the new ones.
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
.. note:: Privilege escalation methods must also be supported by the connection plugin used, most will warn if they do not, some will just ignore it as they always run as root (jail, chroot, etc).
added notes about privilege escalation limitations
10 years ago
.. note:: Methods cannot be chained, you cannot use 'sudo /bin/su -' to become a user, you need to have privileges to run the command as that user in sudo or be able to su directly to it (the same for pbrun, pfexec or other supported methods).
typo fix
9 years ago
.. note:: Privilege escalation permissions have to be general, Ansible does not always use a specific command to do something but runs modules (code) from a temporary file name which changes every time. So if you have '/sbin/service' or '/bin/chmod' as the allowed commands this will fail with ansible.
added notes about privilege escalation limitations
10 years ago
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
10 years ago
.. seealso::
`Mailing List <http://groups.google.com/group/ansible-project>`_
Questions? Help? Ideas? Stop by the list on Google Groups
`irc.freenode.net <http://irc.freenode.net>`_
#ansible IRC chat channel