使用“sudo bash"通过ansible提升用户权限 [英] using 'sudo bash' to elevate user permission with ansible

问题描述

我目前正在开发一个系统，该系统成为 root 的唯一方法是通过命令sudo bash".我的意图是使用 Ansible 安装依赖项和配置文件，目前记录的权限提升方法不适用于我当前的系统设置.

I am currently working on a system that the only way to become root is via the command "sudo bash". My intentions are to use Ansible to install dependencies and configure files, and the currently documented methods of privilege escalation do not work with my current system setup.

推荐答案

如果只有 sudo bash 可供您使用，那么带有控制器的 ansible <-> 远程主机连接不是一个好的选择因为这是一个 权限提升功能的已知限制.

If only sudo bash is available for you, then ansible with a controler <-> remote host connection is not a good candidate as this is a known limitation of the privilege escalation feature.

进一步解释一下，Ansible 模块命令使用当前的 remote_user 作为临时 Python 序列化文件发送到远程主机.对于权限提升，这些文件使用 sudo 运行.在此处查看有关其工作原理的更详细说明.

To explain a bit further, Ansible module commands are sent to the remote host using the current remote_user as temporary python serialized files. For privilege escalation, those files are run with sudo. See a more detailed description of how this works here.

直接在主机上成为 root 后，您仍然可以运行 ansible(在您的剧本中以 localhost 为目标).您可能想看看 ansible pull 这将让你从像 git 这样的 VCS 中获取和运行剧本.

You can still run ansible after becoming root directly on the host (targeting localhost in you playbook). You may want to have a look at ansible pull which will let you fetch and run a playbook out of a VCS like git.

这篇关于使用“sudo bash"通过ansible提升用户权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！