Ansible 权限问题 [英] Ansible Permissions Issue

问题描述

我正在尝试将当前用户添加到系统中的一个组，然后执行需要该组权限的命令.我的剧本是这样的:

I'm trying to add the current user to a group in the system, then execute a command that requires permission for that group. My playbook is like so:

- name: Add this user to RVM group
  sudo: true
  user: state=present name=vagrant append=yes groups=rvm group=rvm
- name: Install Ruby 1.9.3
  command: rvm install ruby-1.9.3-p448 creates=/usr/local/rvm/bin/ruby-1.9.3-p448

问题是所有这些都发生在同一个 shell 中.vagrant 的 shell 尚未使用新组进行更新.是否有一种干净的方法可以在 Ansible 中刷新用户的当前组?我想我需要让它重新连接或打开一个新的外壳.

The problem is that all of this is happening in the same shell. vagrant's shell hasn't been updated with the new groups yet. Is there a clean way to refresh the user's current groups in Ansible? I figure I need to get it to re-connect or open a new shell.

但是我尝试打开一个新的外壳，它只是挂起:

However I tried opening a new shell and it simply hangs:

- name: Open a new shell for the new groups
  shell: bash

当然挂了:进程永不退出！

Of course it hangs: the process never exits!

与 newgrp 相同

Same thing with newgrp

- name: Refresh the groups
  shell: newgrp

因为它基本上做同样的事情.

Because it basically does the same thing.

有什么想法吗?

推荐答案

阅读手册.

这里的一个解决方案是对 'command' 或 'shell' 模块使用 'executable' 参数.

A solution here is to use the 'executable' parameter for either the 'command' or 'shell' modules.

所以我尝试像这样使用命令模块:

So I tried using the command module like so:

- name: install ruby 1.9.3
  command: rvm install ruby-1.9.3-p448 executable=/bin/bash creates=/usr/local/rvm/bin/ruby-1.9.3-p448
  ignore_error: true

但是剧本无限期地挂了.手册指出:

But the playbook hung indefinitely. The manual states:

如果您想通过 shell 运行命令(假设您使用 <、>、| 等)，您实际上需要 shell 模块.命令模块更安全，因为它不受用户的影响环境.

If you want to run a command through the shell (say you are using <, >, |, etc), you actually want the shell module instead. The command module is much more secure as it's not affected by the user's environment.

所以我尝试使用 shell 模块:

So I tried using the shell module:

- name: install ruby 1.9.3
  shell: rvm install ruby-1.9.3-p448 executable=/bin/bash creates=/usr/local/rvm/bin/ruby-1.9.3-p448
  ignore_error: true

它有效！

这篇关于Ansible 权限问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！