我对如何以root用户运行命令有疑问。该剧本非常简单,创建一个文件夹,然后更改所有者和组
- name: install-home-db | Create scatch directory only if it is needed
become: yes
file:
path: "{{ scratch_patch }}/oracle_{{ db_version | replace('.', '_') }}"
mode: 775
owner: "{{ oracle_user }}"
group: "{{ oracle_group }}"
state: directory
register: oracle_medias
创建文件夹后出现问题,当要设置用户和组时出现问题
在远程服务器中,我没有运行任何sudo命令的权限,但是如果启动命令,我可以成为root用户
sudo rootsh -i -u root
请注意,如果仅使用此命令,则只能运行root用户
sudo rootsh -u root
它不起作用并返回
Sorry, user fcruzloz is not allowed to execute '/usr/bin/rootsh -u root' as root on dcplnx22121944.
那么我该如何使用root用户运行命令? 我尝试在ansible.cfg
中设置以下参数[defaults]
host_key_checking = false
# ask_pass = True
inventory = inventory/hosts
allow_world_readable_tmpfiles = true
remote_user = fcruzloz
executable = /bin/bash
timeout = 50
[privilege_escalation]
become_exe = sudo rootsh
become_user = root
become_flags = -i
但是它仍然失败,因为权限,当用-vvv运行ansible命令时,我认为罪魁祸首是在下一行
<2a00:da9:2:21ca:111:0:427:1> SSH: EXEC ssh -o ControlMaster=no -o ServerAliveInterval=50 -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="fcruzloz"' -o ConnectTimeout=50 -tt 2a00:da9:2:21ca:111:0:427:1 '/bin/bash -c '"'"'sudo rootsh -i -u root /bin/bash -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-eybzqcaxfeytghcwykijkpeqdlpzphdq ; /usr/bin/python /home/admin/fcruzloz/.ansible/tmp/ansible-tmp-1570663425.52-9612101629719/AnsiballZ_file.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
检查/ var / log / messages中的错误时,这很有意义
2019-10-09T16:24:15.472458-07:00 dcplnx22121944 sudo: fcruzloz : command not allowed ; TTY=pts/14 ; PWD=/home/admin/fcruzloz ; USER=root ; COMMAND=/usr/bin/rootsh -i -u root /bin/bash -c echo BECOME-SUCCESS-eybzqcaxfeytghcwykijkpeqdlpzphdq ; /usr/bin/python /home/admin/fcruzloz/.ansible/tmp/ansible-tmp-1570663425.52-9612101629719/AnsiballZ_file.py
2019-10-09T16:24:15.625928-07:00 dcplnx22121944 sshd[16027]: Connection closed by 2a00:da9:ffa0:8601::2
如果我直接在服务器中运行ansible命令,则表示类似以下内容(这不是完全相同的命令),它将失败
fcruzloz@dcplnx22121944:/home/admin/fcruzloz> sudo rootsh -i -u root /bin/bash -c 'echo test'
Sorry, user fcruzloz is not allowed to execute '/usr/bin/rootsh -i -u root /bin/bash -c echo test' as root on dcplnx22121944.
我想我需要做一些类似的操作,例如将命令重定向到新的root shell,但是我无法做到这一点,我尝试使用openvt,但没有得到它
那么您有什么主意吗? 在此先感谢您的帮助
我的控制机制低于linux风格
NAME="SLES"
VERSION="12-SP2"
VERSION_ID="12.2"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP2"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp2"
SUSE Linux Enterprise Server 12 (x86_64)
VERSION = 12
PATCHLEVEL = 2
答案 0 :(得分:0)