将文件复制到远程服务器，但是在属于其他用户的目录中? [英] copy files to remote servers but in a directory which belongs to some other user?

问题描述

我正在研究一个ansible剧本，它将我的tasks.tar.gz文件复制到远程服务器，并将其解压缩到远程服务器上的特定目录中.

I am working on an ansible playbook which copies my tasks.tar.gz file to remote servers and uncompress it into a particular directory on remote servers.

我正在以用户david的身份在machineA上运行我的剧本，因此我将david用户的公钥从machineA添加到所有远程服务器authorized_key文件中，以便我无需输入密码即可使用ssh我想以无密码方式运行我的Ansible Playbook.

I am running my playbook on machineA as user david so I added public key of david user from machineA to all the remote servers authorized_key file so that I can ssh without typing my password because I want to run my ansible playbook passwordless.

---
- hosts: ALL
  serial: 3
  tasks:
      - name: copy and untar latest tasks.tar.gz file
        unarchive: src=tasks.tar.gz dest=/data/files/tasks/

      - name: sleep for few seconds
        pause: seconds=20

我现在遇到的问题是，因为远程服务器上的此"/data/files/tasks/"目录属于其他用户(goldy)，因此由于我正在运行我的剧本，因此它无法复制和解压缩tasks.tar.gz文件我猜是david用户.

Now problem I am having is since this "/data/files/tasks/" directory on remote servers belongs to some other user (goldy) so it can't copy and uncompress tasks.tar.gz file because I am running my playbook as david user I guess.

ansible-playbook -e 'host_key_checking=False' test2.yml

我想以无密码用户david的身份来运行我的ansible剧本，但它应该能够将文件复制到属于goldy用户的目录中的所有远程服务器中.我尝试使用become和become_user玩游戏，但这对我没有用.我还有什么需要做的吗?

I want to run my ansible playbook as user david passwordless but it should be able to copy files into all the remote servers in a directory which belongs to user goldy. I tried playing with become and become_user but it didn't worked for me. Is there anything else I need to do?

  - name: copy and untar latest tasks.tar.gz file
    unarchive: src=tasks.tar.gz dest=/data/files/tasks/
    become: true
    become_user: goldy
    become_method: sudo

这是我得到的错误:

"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of ‘/tmp/ansible-tmp-1518323151.21-195554555527544/’: Operation not permitted\nchown: changing ownership of ‘/tmp/ansible-tmp-1518323151.21-195554555527544/stat.py’: Operation not permitted\n}).

推荐答案

由于您暗示已为连接的用户david配置sudo，因此，最简单的操作是使用提升的权限复制文件并设置其权限.通过unarchive模块的owner参数对goldy的所有权:

Since you hint on having sudo configured for your connecting user david, the simplest thing you can do is use elevated permissions to copy the file and set its an ownership to goldy through owner parameter of the unarchive module:

- name: copy and untar latest tasks.tar.gz file
  unarchive:
    src: tasks.tar.gz
    dest: /data/files/tasks/
    owner: goldy
  become: true

---

关于如何配置sudoer以允许代表root以外的用户执行命令的问题，您需要了解sudo和sudoers的实际工作方式(请参阅

---

For the question of how to configure sudoers to allow for executing commands on behalf of a user other than root, you need to learn how sudo and sudoers actually work (see the manual).

这篇关于将文件复制到远程服务器，但是在属于其他用户的目录中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！