@ -250,14 +250,26 @@ documentation. The <cite>user</cite> is just the name of the user account:</p>
</div>
<p>Support for running things from sudo is also available:</p>
<divclass="highlight-python"><pre>---
- hosts: webservers
user: yourname
sudo: True</pre>
</div>
<p>You can also login as you, and then sudo to different users than root:</p>
<divclass="highlight-python"><pre>---
- hosts: webservers
user: yourname
sudo: True
sudo_user: privileged_user</pre>
sudo_user: postgres</pre>
</div>
<p>If you need to specify a password to sudo, run <cite>ansible-playbook</cite> with <ttclass="docutils literal"><spanclass="pre">--ask-sudo-pass</span></tt> (<cite>-K</cite>).
If you run a sudo playbook and the playbook seems to hang, it’s probably stuck at the sudo prompt.
Just <cite>Control-C</cite> to kill it and run it again with <cite>-K</cite>.</p>
<p>NOTE: When using <cite>sudo_user</cite> to a user other than root, the module arguments are briefly written into
a random tempfile in /tmp. These are deleted immediately after the command is executed. This only
occurs when sudoing from a user like ‘bob’ to ‘timmy’, not when going from ‘bob’ to ‘root’, or
logging in directly as ‘bob’ or ‘root’. If this concerns you that this data is briefly readable
(not writeable), avoid transferring uncrypted passwords with <cite>sudo_user</cite> set. In other cases, ‘/tmp’ is not used and
this does not come into play. Ansible also takes care to not log password parameters.</p>
</div>
<divclass="section"id="vars-section">
<h3>Vars section<aclass="headerlink"href="#vars-section"title="Permalink to this headline">¶</a></h3>
@ -487,7 +499,7 @@ package is installed. Try it!</p>
Michael DeHaan
13 years ago