From b5061bb62e63b73994b46682bb76559ccb16a119 Mon Sep 17 00:00:00 2001
From: Stephen Fromm
Date: Tue, 10 Apr 2012 16:27:19 -0700
Subject: [PATCH] Verify that effective uid == remote_user when transport is local

Raise exception if effective uid of process is not the same as remote_user.
---
 lib/ansible/runner.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/ansible/runner.py b/lib/ansible/runner.py
index 2093cac655a..2e14b517bf5 100755
--- a/lib/ansible/runner.py
+++ b/lib/ansible/runner.py
@@ -22,6 +22,7 @@ import fnmatch
 import multiprocessing
 import signal
 import os
+import pwd
 import Queue
 import random
 import traceback
@@ -115,6 +116,9 @@ class Runner(object):
 self.basedir = basedir
 self.sudo = sudo
+ euid = pwd.getpwuid(os.geteuid())[0]
+ if self.transport == 'local' and self.remote_user != euid:
+ raise Exception("User mismatch: expected %s, but is %s" % (self.remote_user, euid))
 if type(self.module_args) != str:
 raise Exception("module_args must be a string: %s" % self.module_args)
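Review bot: In the second hunk, `euid = pwd.getpwuid(os.geteuid())[0]` runs for every transport, although its result is only used when `self.transport == 'local'`. `pwd.getpwuid` raises `KeyError` when the effective uid has no passwd entry (for example a container started with an arbitrary uid), so building a Runner would then fail with an unrelated error even for remote transports. I would nest the lookup under `if self.transport == 'local':` and keep the `self.remote_user != euid` test inside that branch, catching `KeyError` there so the failure is reported as a user mismatch. A short comment such as `# local transport runs as the invoking user; refuse a remote_user that would be silently ignored` would record why the check exists. The enclosing method starts and ends outside the hunk, so where `self.transport` and `self.remote_user` are assigned, and what `remote_user` defaults to, is not visible here; if the default is not the invoking user, local runs that never set it will now raise.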