Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jail connection ignores sudo_user #6072

Closed
mxey opened this issue Feb 19, 2014 · 3 comments
Closed

Jail connection ignores sudo_user #6072

mxey opened this issue Feb 19, 2014 · 3 comments
Labels
bsd BSD community bug This issue/PR relates to a bug.

Comments

@mxey
Copy link

mxey commented Feb 19, 2014

Issue Type:

Bug Report

Ansible Version:

ansible 1.4.4

Environment:

I am running FreeBSD 10.0-RELEASE and managing 10.0-RELEASE jails.

Summary:

The connection type “jail" ignores the sudo_user setting, commands are always executed as root.

As the connection type uses jexec already, this can probably be fixed trivially by using jexec -U

Steps To Reproduce:
# ansible putover -U mxey -a "id"
Expected Results:
# ansible putover -U mxey -a "id"                                                 :(
putover | success | rc=0 >>
uid=1001(mxey) gid=1001(mxey) groups=1001(mxey),0(wheel)
Actual Results:
 # ansible putover -U mxey -a "id"
putover | success | rc=0 >>
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
@mpdehaan
Copy link
Contributor

Something you would like to help work on perhaps?

@mxey
Copy link
Author

mxey commented Feb 20, 2014

I am unsure if I should support sudo_user or remote_user with jexec, because it won't actually use the sudo command.

@mpdehaan mpdehaan added P4 and removed take_me labels Mar 19, 2014
@mpdehaan mpdehaan added P5 and removed P4 labels Apr 17, 2014
@jimi-c jimi-c removed the P5 label Dec 7, 2015
@mattclay
Copy link
Member

Unfortunately the jexec -U option uses the current host environment as the environment within the jail.

So while some things work as expected:

root@:~ # jexec -U testing freebsd_10_2 grep testing /etc/passwd
testing:*:1001:1001:Testing:/home/testing:/bin/sh

root@:~ # jexec -U testing freebsd_10_2 id
uid=1001(testing) gid=1001(testing) groups=1001(testing)

Others do not:

root@:~ # jexec -U testing freebsd_10_2 /bin/sh -c 'echo $HOME'
/root

At a minimum, we'll need $HOME to be correct in the jail. This may be a starting point:

root@:~ # jexec -U testing freebsd_10_2 env -i sh -c 'HOME=~testing env'
PWD=/
HOME=/home/testing

@mattclay mattclay mentioned this issue Mar 26, 2016
Merged
@bcoca bcoca closed this as completed in b60062b Mar 28, 2016
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 6, 2018
@dagwieers dagwieers added the bsd BSD community label Jan 18, 2019
@ansible ansible locked and limited conversation to collaborators Apr 24, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bsd BSD community bug This issue/PR relates to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mpdehaan @jimi-c @mxey @dagwieers @mattclay @ansibot