问题
Recently I started digging into Ansible and writing my own playbooks. However, I have a troubles with understanding difference between become and become_user.
As I understand it become_user is something similar to su <username>, and become means something like sudo su or "perform all commands as a sudo user". But sometimes these two directives are mixed.
Could you explain the correct meaning of them?
回答1:
become_user defines the user which is being used for privilege escalation.
become simply is a flag to either activate or deactivate the same.
Here are three examples which should make it clear:
This task will be executed as
root, becauserootis the default user for privilege escalation:- do: something become: yesThis task will be executed as user
someone, because the user is explciitly set:- do: something become: yes become_user: someoneThis task will not do anything with
become_user, becausebecomeis not set and defaults tofalse/no:- do: something become_user: someone...unless become was set to
trueon a higher level, e.g. a block, the playbook, group or host-vars etc.Here is an example with a block:
- become: yes block: - do: something become_user: someone - do: somethingThe first 1st is ran as user
someone, the 2nd asroot.
As I understand it become_user is something similar to su , and become means something like sudo su or "perform all commands as a sudo user".
The default become_method is sudo, so sudo do something or sudo -u <become_user> do something
Fineprint: Of course "do: something" is pseudocode. Put you actual Ansible module there.
回答2:
become: yes=sudobecome_user: user_name=sudo -u user_namebecome: yesbecome_user: rootis equivalent ofbecome: yes
this link is explaining the difference clearly.
来源:https://stackoverflow.com/questions/38290143/difference-between-become-and-become-user-in-ansible