Privilege escalation not working when connection docker #53385
Ansible become is not working with a user different than root.
For become method sudo the error message is:
OS / ENVIRONMENT
Ansible host OS RHEL7
STEPS TO REPRODUCE
Start an image created by molecule (adds Python and other things to use ansible for containers) and add an additional user with permissions to become root.
```yaml
---
- hosts: all
  tasks:
    - name: try become method sudo
      become: yes
      become_method: sudo
      command: whoami
      register: who
      ignore_errors: True
    - debug:
        var: who
    - name: try become method su
      become: yes
      become_method: su
      command: whoami
      register: who
      ignore_errors: True
    - debug:
        var: who
    - name: try become method sudo /bin/su
      become: yes
      become_method: sudo /bin/su -
      command: su - "test" -c whoami
      register: who
      ignore_errors: True
    - debug:
        var: who
    - name: fail
      fail:
```
Privilege escalation is working without any issue.
ansible-playbook -i hosts test.yml -c docker -vvvv
Looking at the plugin code I would say that privilege escalation is not supported by the plugin. It inspects the container and the default exec user is
The only quick solution to test I may think of is giving the
In my opinion this is a feature request, not a bug.
@jojo221119 Why don't you use
@lorin maintainership is essentially $team_docker, but I think none of us has much experience with this plugin, so it's not really maintained at the moment.
@felixfontein The playbooks I develop are aimed to run against real servers using the SSH connection type.