I want to perform some actions, that do not require using the Administrator account. For example, cloning a git repo or creating a folder.
I tried this:
- name: Create gogo1 directory
win_shell: mkdir c:\tmp\gogo1
become: yes
become_user: vagrant
vars:
ansible_become_pass: vagrant
This creates the desired directoy, but when I am logged in as user vagrant and try to remove it I get:
You'll need to provide administrator permission to delete this folder.
The user Vagrant is not given any permissions to the folder gogo1. I need to do this in addition:
- name: Change owner of gogo1
win_owner:
path: c:\tmp\gogo1
user: vagrant
recurse: yes
Using win_psexec works as intended. It creates the directory, gives user vagrant the permissions, and thus I can delete it without being prompted with the above message.
- name: Create gogo2 directory
win_psexec:
command: cmd /k "cd c:\tmp && mkdir gogo && exit"
username: vagrant
password: vagrant
How can I use become and become_user to create a folder (or do clone a git repo) and giving the user all necessary permissions and ownership (like win_psexec does?
For become to work as you want you need it to login interactively so the profile for the user is loaded when the folder is created.
To do this you can try to set the login_flags (Ansible 2.5+) on become like so:
- name: Create gogo1 directory
win_shell: mkdir c:\tmp\gogo1
become: yes
become_user: vagrant
become_flags: logon_type=interactive logon_flags=with_profile
vars:
ansible_become_pass: vagrant
You can read all the specifics on become_flags here:
http://docs.ansible.com/ansible/latest/user_guide/become.html