From aa0b7536c9d19149daa88a1383ced15af59afe88 Mon Sep 17 00:00:00 2001 From: Lars Kellogg-Stedman Date: Fri, 16 Oct 2015 11:15:51 -0400 Subject: [PATCH] correct value of remote_user for local connections When using 'local' connections, privilege escalation would fail if ansible_ssh_user was in the current context to the same value as become_user. This commit ensures that for 'local' connections we reset remote_user to the local username. This fixes #12782. --- lib/ansible/plugins/connection/local.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/ansible/plugins/connection/local.py b/lib/ansible/plugins/connection/local.py index 1838f3e554..c8e2c3852c 100644 --- a/lib/ansible/plugins/connection/local.py +++ b/lib/ansible/plugins/connection/local.py @@ -24,6 +24,7 @@ import shutil import subprocess import select import fcntl +import getpass import ansible.constants as C @@ -41,6 +42,11 @@ class Connection(ConnectionBase): def _connect(self, port=None): ''' connect to the local host; nothing to do here ''' + # Because we haven't made any remote connection we're running as + # the local user, rather than as whatever is configured in + # remote_user. + self._play_context.remote_user = getpass.getuser() + if not self._connected: self._display.vvv("ESTABLISH LOCAL CONNECTION FOR USER: {0}".format(self._play_context.remote_user, host=self._play_context.remote_addr)) self._connected = True