Created
August 26, 2019 06:45
osc2018tk-demo sudo install debug.yml
- hosts: 127.0.0.1
  connection: local
  become: true
  max_fail_percentage: 0
  tasks:
    - name: debug
      debug:
        var: ansible_facts
    - name: user
      debug:
        var: ansible_env.SUDO_USER
    - name: home
      debug:
        var: ansible_env.HOME
=== OSX regular user
[ksk@Tomcat osc2018tk-demo (master)]$ sudo ansible-playbook 00-debug.yml
Password:
(...)
TASK [debug : user] ************************************************************
ok: [127.0.0.1] =>
ansible_env.SUDO_USER: ksk
TASK [debug : home] ************************************************************
ok: [127.0.0.1] =>
ansible_env.HOME: /Users/ksk
PLAY RECAP *********************************************************************
127.0.0.1 : ok=4 changed=0 unreachable=0 failed=0
[ksk@Tomcat osc2018tk-demo (master)]$ ansible-playbook -K 00-debug.yml
SUDO password:
(...)
TASK [debug : user] ************************************************************
ok: [127.0.0.1] =>
ansible_env.SUDO_USER: ksk
TASK [debug : home] ************************************************************
ok: [127.0.0.1] =>
ansible_env.HOME: /var/root
PLAY RECAP *********************************************************************
127.0.0.1 : ok=4 changed=0 unreachable=0 failed=0
=== Linux root (revised)
[root@tm200-1 osc2018tk-demo (master)]# sudo ansible-playbook ./ansible-virtualbmc/dev/00-debug.yml
(...)
TASK [user] ******************************************************************************************************************
ok: [127.0.0.1] =>
ansible_env.SUDO_USER: root
TASK [home] ******************************************************************************************************************
ok: [127.0.0.1] =>
ansible_env.HOME: /root
PLAY RECAP *******************************************************************************************************************
127.0.0.1 : ok=4 changed=0 unreachable=0 failed=0
[root@tm200-1 osc2018tk-demo (master)]# ansible-playbook -K ./ansible-virtualbmc/dev/00-debug.yml
SUDO password:
(...)
TASK [user] ******************************************************************************************************************
ok: [127.0.0.1] =>
ansible_env.SUDO_USER: VARIABLE IS NOT DEFINED!
TASK [home] ******************************************************************************************************************
ok: [127.0.0.1] =>
ansible_env.HOME: /root
PLAY RECAP *******************************************************************************************************************
127.0.0.1 : ok=4 changed=0 unreachable=0 failed=0
Summary: sudo vs. -K as ansible-playbook local privilege escalation methods
- sudo ansible-playbook
  - HOME is different between Linux and OSX
    - Linux: root's home
    - OSX: regular user's home - this is OSX's default
- ansible-playbook -K
  - HOME is different from the default sudo behavior on OSX, but behaves similarly to Linux
  - SUDO Password is always asked even if already in root
  - SUDO_USER env var is not set if already in root
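
An added example, not part of the gist: because the runs above show HOME and SUDO_USER changing with the escalation method, this Python function resolves the invoking account and its home from the passwd database instead, and flags a HOME that does not belong to the effective account (root running with a regular user's HOME will leave root-owned files there). The uids, the passwd rows and all function and variable names are constructed for illustration.

```python
import os
import pwd
from types import SimpleNamespace

def resolve_invoker(env=None, euid=None, getpwnam=pwd.getpwnam, getpwuid=pwd.getpwuid):
    """Return (invoking_user, passwd_home, home_is_stale) without trusting HOME."""
    env = os.environ if env is None else env
    euid = os.geteuid() if euid is None else euid
    entry = getpwuid(euid)
    effective_home = entry.pw_dir
    # SUDO_USER is only meaningful when sudo actually gave us root; as an
    # unprivileged user anyone can export it, so ignore it in that case.
    sudo_user = env.get("SUDO_USER")
    if euid == 0 and sudo_user:
        try:
            entry = getpwnam(sudo_user)
        except KeyError:
            pass  # unknown name: fall back to the effective account
    # HOME is stale when it is not the effective account's passwd home,
    # e.g. root running with HOME=/Users/ksk after `sudo` on OSX.
    home_is_stale = env.get("HOME") != effective_home
    return entry.pw_name, entry.pw_dir, home_is_stale

# Constructed passwd tables (assumed uids) standing in for the real database.
def _db(rows):
    users = {n: SimpleNamespace(pw_name=n, pw_uid=u, pw_dir=d) for n, u, d in rows}
    by_uid = {e.pw_uid: e for e in users.values()}
    return users.__getitem__, by_uid.__getitem__

OSX = _db([("root", 0, "/var/root"), ("ksk", 501, "/Users/ksk")])
LINUX = _db([("root", 0, "/root")])

# The four task environments from the output above (tasks run as root via become).
RUNS = {
    "osx sudo": ({"SUDO_USER": "ksk", "HOME": "/Users/ksk"}, OSX),
    "osx -K": ({"SUDO_USER": "ksk", "HOME": "/var/root"}, OSX),
    "linux root sudo": ({"SUDO_USER": "root", "HOME": "/root"}, LINUX),
    "linux root -K": ({"HOME": "/root"}, LINUX),
}

def check(run):
    env, (by_name, by_uid) = RUNS[run]
    return resolve_invoker(env, euid=0, getpwnam=by_name, getpwuid=by_uid)

if __name__ == "__main__":
    for run in RUNS:
        print(run, check(run))
```

Only the OSX `sudo ansible-playbook` run is flagged as stale; in every run the returned home comes from the passwd entry, so it is the same whichever escalation method was used.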
=== Linux regular user