非 root 用户不允许 Ansible chown 操作
Ansible chown operation not permitted for non-root user
我在 Ansible 剧本中有以下内容:
- name: Create certificates directory
file:
dest: "{{ '~/wireguard/certs' | expanduser }}"
state: directory
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}"
mode: 0700
run_once: true
delegate_to: localhost
然而,当它在剧本中得到 运行 时,我得到以下错误:
fatal: [1.2.3.4 -> localhost]: FAILED! => {
"changed": false,
"gid": 1000,
"group": "alex",
"mode": "0755",
"msg": "chown failed: [Errno 1] Operation not permitted: b'/home/alex/wireguard'",
"owner": "alex",
"path": "/home/alex/wireguard",
"size": 4096,
"state": "directory",
"uid": 1000
}
我需要 运行 作为 root 还是其他什么?如果我确实需要 运行 它作为 root,become
工作吗?
Do I need to run this as root or is it something else?
需要root。例如参见 [=16=]
"The super user, root, has the unrestricted capability to change the ownership of any file but normal users can change the ownership of only those files that they own."
这实际上意味着普通用户只能将他们拥有的文件组更改为他们所属的组。
If I do need to run it as root, does become work?
是的。 become works. Frequently used become plugin is sudo。 become_user 的默认值为 root。
- file:
become: yes
become_method: sudo
...
通常,启用 remote/login 用户成为 root。但在您的特定情况下,由于 delegate_to: localhost
,启用 运行 播放的用户。例如更改 localhost
$ grep alex /etc/sudoers
alex ALL=(ALL) NOPASSWD: ALL
有关其他选项,请参阅 plugin list。
我意识到 ansible_user_id
没有我期望的用户名,所以我试图将所有权更改为不存在的用户。我通过为我的本地用户设置一个新变量来修复它。
我在 Ansible 剧本中有以下内容:
- name: Create certificates directory
file:
dest: "{{ '~/wireguard/certs' | expanduser }}"
state: directory
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}"
mode: 0700
run_once: true
delegate_to: localhost
然而,当它在剧本中得到 运行 时,我得到以下错误:
fatal: [1.2.3.4 -> localhost]: FAILED! => {
"changed": false,
"gid": 1000,
"group": "alex",
"mode": "0755",
"msg": "chown failed: [Errno 1] Operation not permitted: b'/home/alex/wireguard'",
"owner": "alex",
"path": "/home/alex/wireguard",
"size": 4096,
"state": "directory",
"uid": 1000
}
我需要 运行 作为 root 还是其他什么?如果我确实需要 运行 它作为 root,become
工作吗?
Do I need to run this as root or is it something else?
需要root。例如参见 [=16=]
"The super user, root, has the unrestricted capability to change the ownership of any file but normal users can change the ownership of only those files that they own."
这实际上意味着普通用户只能将他们拥有的文件组更改为他们所属的组。
If I do need to run it as root, does become work?
是的。 become works. Frequently used become plugin is sudo。 become_user 的默认值为 root。
- file:
become: yes
become_method: sudo
...
通常,启用 remote/login 用户成为 root。但在您的特定情况下,由于 delegate_to: localhost
,启用 运行 播放的用户。例如更改 localhost
$ grep alex /etc/sudoers
alex ALL=(ALL) NOPASSWD: ALL
有关其他选项,请参阅 plugin list。
我意识到 ansible_user_id
没有我期望的用户名,所以我试图将所有权更改为不存在的用户。我通过为我的本地用户设置一个新变量来修复它。