Ansible 中 become 和 become_user 的区别 [英] Difference between become and become_user in Ansible
问题描述
最近我开始深入研究 Ansible 并编写自己的剧本.但是,我在理解 become
和 become_user
之间的区别时遇到了麻烦.据我了解,become_user
类似于 su
,而 become
的意思类似于 sudo su
或以 sudo 用户身份执行所有命令".但有时这两个指令是混合的.
Recently I started digging into Ansible and writing my own playbooks. However, I have a troubles with understanding difference between become
and become_user
.
As I understand it become_user
is something similar to su <username>
, and become
means something like sudo su
or "perform all commands as a sudo user". But sometimes these two directives are mixed.
你能解释一下它们的正确含义吗?
Could you explain the correct meaning of them?
推荐答案
become_user
定义用于 权限提升.
become
只是一个标志来激活或停用相同的东西.
become
simply is a flag to either activate or deactivate the same.
以下是三个应该清楚的例子:
Here are three examples which should make it clear:
这个任务将以
root
执行,因为root
是提权的默认用户:
This task will be executed as
root
, becauseroot
is the default user for privilege escalation:
- do: something
become: true
这个任务将作为用户someone
执行,因为用户是明确设置的:
This task will be executed as user someone
, because the user is explicitly set:
- do: something
become: true
become_user: someone
这个任务不会对 become_user
做任何事情,因为 become
没有设置并且默认为 false
/no代码>:
This task will not do anything with become_user
, because become
is not set and defaults to false
/no
:
- do: something
become_user: someone
...除非在更高级别将 become 设置为 true
,例如块、剧本、组或主机变量等.
...unless become was set to true
on a higher level, e.g. a block, the playbook, group or host-vars etc.
这是一个带有块的示例:
- become: true
block:
- do: something
become_user: someone
- do: something
第一个以用户 someone
运行,第二个以 root
运行.
The first 1st is ran as user someone
, the 2nd as root
.
据我所知, become_user 类似于 su ,而 become 意味着类似于 sudo su 或以 sudo 用户身份执行所有命令".
As I understand it become_user is something similar to su , and become means something like sudo su or "perform all commands as a sudo user".
默认的 become_method
是 sudo
,所以 sudo do something
或 sudo -u
The default become_method
is sudo
, so sudo do something
or sudo -u <become_user> do something
Fineprint:当然做:某事";是伪代码.将您的实际 Ansible 模块放在那里.
Fineprint: Of course "do: something" is pseudocode. Put your actual Ansible module there.
这篇关于Ansible 中 become 和 become_user 的区别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!