From e55e123c01ef72bd8b436c457e6b4aa460685848 Mon Sep 17 00:00:00 2001 From: willthames Date: Thu, 4 Apr 2013 13:10:30 +1000 Subject: [PATCH 1/2] Added DEFAULT_EXECUTABLE as a constant Use DEFAULT_EXECUTABLE when no executable is passed to _low_level_command_exec Works as a standard constant - can be overridden in all the normal ways and defaults to /bin/sh Motiviation is for a user that only has /bin/bash in /etc/sudoers --- lib/ansible/constants.py | 1 + lib/ansible/runner/__init__.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py index bf1df51a87..fb6af67afc 100644 --- a/lib/ansible/constants.py +++ b/lib/ansible/constants.py @@ -95,6 +95,7 @@ DEFAULT_SUDO_EXE = get_config(p, DEFAULTS, 'sudo_exe', 'ANSIBLE_SUDO_EX DEFAULT_SUDO_FLAGS = get_config(p, DEFAULTS, 'sudo_flags', 'ANSIBLE_SUDO_FLAGS', '-H') DEFAULT_HASH_BEHAVIOUR = get_config(p, DEFAULTS, 'hash_behaviour', 'ANSIBLE_HASH_BEHAVIOUR', 'replace') DEFAULT_JINJA2_EXTENSIONS = get_config(p, DEFAULTS, 'jinja2_extensions', 'ANSIBLE_JINJA2_EXTENSIONS', None) +DEFAULT_EXECUTABLE = get_config(p, DEFAULTS, 'executable', 'ANSIBLE_EXECUTABLE', '/bin/sh') DEFAULT_ACTION_PLUGIN_PATH = shell_expand_path(get_config(p, DEFAULTS, 'action_plugins', 'ANSIBLE_ACTION_PLUGINS', '/usr/share/ansible_plugins/action_plugins')) DEFAULT_CALLBACK_PLUGIN_PATH = shell_expand_path(get_config(p, DEFAULTS, 'callback_plugins', 'ANSIBLE_CALLBACK_PLUGINS', '/usr/share/ansible_plugins/callback_plugins')) diff --git a/lib/ansible/runner/__init__.py b/lib/ansible/runner/__init__.py index 6fc7736dcd..a914eea6fd 100644 --- a/lib/ansible/runner/__init__.py +++ b/lib/ansible/runner/__init__.py @@ -527,7 +527,7 @@ class Runner(object): ''' execute a command string over SSH, return the output ''' if executable is None: - executable = '/bin/sh' + executable = C.DEFAULT_EXECUTABLE sudo_user = self.sudo_user rc, stdin, stdout, stderr = conn.exec_command(cmd, tmp, sudo_user, sudoable=sudoable, executable=executable) From c4442ad804995deafd75c767c0ddd1d9486f6de1 Mon Sep 17 00:00:00 2001 From: willthames Date: Fri, 5 Apr 2013 09:39:22 +1000 Subject: [PATCH 2/2] Documented executable setting for ansible.cfg --- examples/ansible.cfg | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/examples/ansible.cfg b/examples/ansible.cfg index b1b4e07d0d..6f472bf66b 100644 --- a/examples/ansible.cfg +++ b/examples/ansible.cfg @@ -79,6 +79,13 @@ sudo_exe=sudo # the default flags passed to sudo # sudo_flags=-H +# all commands executed under sudo are passed as arguments to a shell command +# This shell command defaults to /bin/sh +# Changing this helps the situation where a user is only allowed to run +# e.g. /bin/bash with sudo privileges + +# executable = /bin/sh + # how to handle hash defined in several places # hash can be merged, or replaced # if you use replace, and have multiple hashes named 'x', the last defined