New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added su capability #744

Closed
wants to merge 1 commit into
base: devel
from

Conversation

Projects
None yet
2 participants
@willthames
Contributor

willthames commented Aug 1, 2012

I have tested this to a reasonable degree, it seems to work well with my use cases.

There are some definite improvements to be made to how configurations are applied, but I've seen you allude to that elsewhere. That would reduce the repeated code in ansible and ansible-playbook. Anyway, one for another time.

This adds a -S command line flag, it currently reuses --sudo_user (-U). It automatically asks for a password for the relevant user.

The one area of contention might be the change to paramiko_ssh - I've removed the random prompt used in the -p argument to sudo so that the same code can be used for sudo and su. If there was a compelling reason for the randbits, it might make sense to use slightly different code paths at that point.

added su capability using -S command line flag - no flag for setting
password, that gets requested automatically.
@willthames

This comment has been minimized.

Show comment
Hide comment
@willthames

willthames Aug 1, 2012

Contributor

Results:

[will@tangerine ansible]$ ansible fake -m shell -a 'whoami | tr "a-z" "A-Z"' -S -U ansitest -u will
ansitest password: 
127.0.0.2 | success | rc=0 >>
ANSITEST
Contributor

willthames commented Aug 1, 2012

Results:

[will@tangerine ansible]$ ansible fake -m shell -a 'whoami | tr "a-z" "A-Z"' -S -U ansitest -u will
ansitest password: 
127.0.0.2 | success | rc=0 >>
ANSITEST
@mpdehaan

This comment has been minimized.

Show comment
Hide comment
@mpdehaan

mpdehaan Aug 1, 2012

Contributor

I don't want to encourage any usage of "su" when sudo is available for that purpose. Feels redundant.

Contributor

mpdehaan commented Aug 1, 2012

I don't want to encourage any usage of "su" when sudo is available for that purpose. Feels redundant.

@mpdehaan mpdehaan closed this Aug 1, 2012

@willthames

This comment has been minimized.

Show comment
Hide comment
@willthames

willthames Aug 1, 2012

Contributor

It's not redundant. I have no sudo access to the servers I use (I only have certain permissions - if I had full control ansible wouldn't be as compelling as it is!).

I can log onto the servers using my account, then su to the account that runs whatever service it is and manage the software that way. I cannot do the same with sudo, I just don't have the privileges.

Contributor

willthames commented Aug 1, 2012

It's not redundant. I have no sudo access to the servers I use (I only have certain permissions - if I had full control ansible wouldn't be as compelling as it is!).

I can log onto the servers using my account, then su to the account that runs whatever service it is and manage the software that way. I cannot do the same with sudo, I just don't have the privileges.

@mpdehaan

This comment has been minimized.

Show comment
Hide comment
@mpdehaan

mpdehaan Aug 3, 2012

Contributor

That's annoying. Please tell your admins/users/customers/etc that I said they have their security priorities messed up.

What we may want to do instead is make connections (more) pluggable to where you could easily fork the connection type.

I'm also not really comfortable with removal of the random sudo prompt code as it took us a while to get there to where it was decently reliable.

Contributor

mpdehaan commented Aug 3, 2012

That's annoying. Please tell your admins/users/customers/etc that I said they have their security priorities messed up.

What we may want to do instead is make connections (more) pluggable to where you could easily fork the connection type.

I'm also not really comfortable with removal of the random sudo prompt code as it took us a while to get there to where it was decently reliable.

@willthames willthames referenced this pull request Aug 9, 2012

Closed

Added su capability #814

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment