diff --git a/examples/ansible.cfg b/examples/ansible.cfg index b1b4e07d0d..6f472bf66b 100644 --- a/examples/ansible.cfg +++ b/examples/ansible.cfg @@ -79,6 +79,13 @@ sudo_exe=sudo # the default flags passed to sudo # sudo_flags=-H +# all commands executed under sudo are passed as arguments to a shell command +# This shell command defaults to /bin/sh +# Changing this helps the situation where a user is only allowed to run +# e.g. /bin/bash with sudo privileges + +# executable = /bin/sh + # how to handle hash defined in several places # hash can be merged, or replaced # if you use replace, and have multiple hashes named 'x', the last defined diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py index bf1df51a87..fb6af67afc 100644 --- a/lib/ansible/constants.py +++ b/lib/ansible/constants.py @@ -95,6 +95,7 @@ DEFAULT_SUDO_EXE = get_config(p, DEFAULTS, 'sudo_exe', 'ANSIBLE_SUDO_EX DEFAULT_SUDO_FLAGS = get_config(p, DEFAULTS, 'sudo_flags', 'ANSIBLE_SUDO_FLAGS', '-H') DEFAULT_HASH_BEHAVIOUR = get_config(p, DEFAULTS, 'hash_behaviour', 'ANSIBLE_HASH_BEHAVIOUR', 'replace') DEFAULT_JINJA2_EXTENSIONS = get_config(p, DEFAULTS, 'jinja2_extensions', 'ANSIBLE_JINJA2_EXTENSIONS', None) +DEFAULT_EXECUTABLE = get_config(p, DEFAULTS, 'executable', 'ANSIBLE_EXECUTABLE', '/bin/sh') DEFAULT_ACTION_PLUGIN_PATH = shell_expand_path(get_config(p, DEFAULTS, 'action_plugins', 'ANSIBLE_ACTION_PLUGINS', '/usr/share/ansible_plugins/action_plugins')) DEFAULT_CALLBACK_PLUGIN_PATH = shell_expand_path(get_config(p, DEFAULTS, 'callback_plugins', 'ANSIBLE_CALLBACK_PLUGINS', '/usr/share/ansible_plugins/callback_plugins')) diff --git a/lib/ansible/runner/__init__.py b/lib/ansible/runner/__init__.py index 6fc7736dcd..a914eea6fd 100644 --- a/lib/ansible/runner/__init__.py +++ b/lib/ansible/runner/__init__.py @@ -527,7 +527,7 @@ class Runner(object): ''' execute a command string over SSH, return the output ''' if executable is None: - executable = '/bin/sh' + executable = C.DEFAULT_EXECUTABLE sudo_user = self.sudo_user rc, stdin, stdout, stderr = conn.exec_command(cmd, tmp, sudo_user, sudoable=sudoable, executable=executable)