Cannot restart sshd-service due to lack of privileges #81

Closed
Contributor

kivilahtio commented Nov 23, 2016

Environment:
Raspbian Jessie on Raspberry PI 3+

When invoking this role with:

    - hosts: toveri_JOE_ENO
      roles:
        # Configured in group_vars/all/ssh.yml
        - role: dev-sec.ssh-hardening
          become: yes
          tags: ['ssh']

Got this error when running handler "restart sshd":

    Unable to restart service ssh: Failed to restart ssh.service: Access denied

This patch fixes this.

Contributor

kivilahtio commented Nov 23, 2016

I also realized I get this same behaviour on LXC-containers running Ubuntu 16.04, the error is a bit different:

    failure 1 running systemctl show for 'ssh': Failed to connect to bus: No such file or directory

This fixes this issue:

    become: yes

I don't know why the privilege escalation doesn't bubble up to the handler.

Member

rndmh3ro commented Nov 23, 2016

Hey @kivilahtio, what ansible version are you running?

This seems to be an Ansible bug: ansible/ansible#17490

I tested it in Debian 8 with Ansible 2.2.0.0 and it's working for me.
I don't know if I want to add a workaround for a problem in Ansible, since it's likely to be forgotten.

Contributor

kivilahtio commented Nov 23, 2016

Sorry. Should have mentioned it:

    ansible@hephaestus:~/KSAnsible$ ansible --version
    ansible 2.2.0.0
      config file = /etc/ansible/ansible.cfg
      configured module search path = Default w/o overrides

I wouldn't be surprised there is an Ansible bug.
There seems to be a lot of regression in Ansible.
There seems to be a lot of features too :)

Thanks for commenting!
I am fine with not pushing.

Member

rndmh3ro commented Nov 23, 2016

Thanks again. I added a section to the README, in case anyone else runs into this bug.

@rndmh3ro rndmh3ro closed this Nov 23, 2016

rdonkin commented Feb 8, 2017

This is supposed to be fixed in Ansible 2.2.1.0 (ansible/ansible#17490) but I ran into it just now on that version... the workaround was to put become: yes on the play or the handler.

I've logged a new issue for the regression in 2.2.1.0: ansible/ansible#21139

Thanks for the README update on this @rndmh3ro, that was very useful!
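
The two placements of `become: yes` mentioned in this thread, as an added example that is not part of the original conversation or the role's own code. The inventory group name and the handler body are assumptions; the service name `ssh` and the handler name `restart sshd` are taken from the error messages quoted above. Until the handler succeeds, the running sshd keeps its previous configuration even though the hardened config file has been written.

```yaml
---
# Option 1 (playbook): escalate at play level, so the role's tasks
# and any handlers they notify all run with privilege escalation.
- hosts: ssh_servers            # hypothetical inventory group
  become: yes
  roles:
    - role: dev-sec.ssh-hardening
      tags: ['ssh']

---
# Option 2 (handlers file, illustrative sketch): escalate on the
# handler itself, so the restart does not depend on become being
# inherited from the role entry in the playbook.
- name: restart sshd
  service:
    name: ssh                   # service name as seen in the errors above
    state: restarted
  become: yes
```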
