On my Linux machine, there are three user levels in the system.
- base_user
- higher_user
- root
I remotely connect via SSH to the machine at base_user level. My SSH key setup lets me log in as base_user automatically. Then I want to switch to higher_user, which does not have sudo privileges. According to the Ansible documentation (http://docs.ansible.com/ansible/latest/become.html), become and become_user require sudo on base_user in order to become higher_user. I do not want higher_user or base_user to have sudo privileges.
Is there any workaround to do just the following in Ansible?
1. log in as base_user with ssh key setup
2. switch user to higher_user with password input
This line in your sudoers file will allow base_user to use sudo to run commands as higher_user. It won't allow base_user to run commands as root or any other user.
base_user ALL=(higher_user) ALL
From there you can use become and become_user in your playbook.
- hosts: some_host
  become: True
  become_user: higher_user
  tasks:
    ...
When you run ansible-playbook you will need to provide base_user's password with --ask-become-pass (-K).
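One way to check that a sudoers rule like the one above lets base_user run commands only as higher_user and not as root, as an added example that is not part of the original answer. It assumes simple one-line user specifications (no aliases, line continuations or included files); the function names and every sample rule except the base_user line are constructed for illustration.

```python
import re

# Constructed sample; only the base_user rule comes from the answer above.
SAMPLE = """\
Defaults env_reset
base_user ALL=(higher_user) ALL
deploy ALL=(ALL) NOPASSWD: ALL
backup ALL= /usr/bin/rsync
"""

RUNAS_SPEC = re.compile(r"\(([^)]*)\)")
SKIP = re.compile(r"\s*(#|@|Defaults\b|(User|Runas|Host|Cmnd)_Alias\b)")
ROOT_EQUIVALENT = {"root", "ALL", "#0"}


def runas_targets(line):
    """Return (user, runas users) for a simple user specification, else None."""
    if not line.strip() or SKIP.match(line) or "=" not in line:
        return None
    lhs, rhs = line.split("=", 1)
    parts, rhs = lhs.split(), rhs.strip()
    if not parts:
        return None
    targets = set()
    if not rhs.startswith("("):
        targets.add("root")  # no Runas_Spec: sudo runs as root by default
    for spec in RUNAS_SPEC.findall(rhs):
        users = spec.split(":", 1)[0]  # text after ':' is the group list
        targets.update(u.strip() for u in users.split(",") if u.strip())
    return parts[0], targets


def audit(text):
    """Map each user to True when any of their rules can run commands as root."""
    result = {}
    for line in text.splitlines():
        parsed = runas_targets(line)
        if parsed:
            user, targets = parsed
            reaches_root = bool(targets & ROOT_EQUIVALENT)
            result[user] = result.get(user, False) or reaches_root
    return result


if __name__ == "__main__":
    for user, reaches_root in audit(SAMPLE).items():
        print(f"{user}: {'CAN run as root' if reaches_root else 'restricted'}")
```

A rule with no parenthesised run-as list is reported as reaching root, which is the case most easily missed when reviewing sudoers by eye.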