3

I have to administer some half-managed servers (monstly CentOS 6), where we are only allowed to login as a regular user, then do "sudo su -" and type the regular user password, and then run the commands within the root shell. I have been searching how to do this with some configuration management tools (ansible, capistrano, etc.), but haven't found anything. Any experience with a similar situation? I have to say we are NOT able/allowed to change the allowed sudo commands, so it's mandatory that the tools use "sudo su -" and the run the appropiate commands. Also, we are not allowed to install any software in the machines (yes, it is a very restrictive client), so all commands must be run using ssh and password authentication.

Regards and thanks in advance.

okelet
  • 161

2 Answers2

2

Change privilage escalation in ansible.cfg:

[privilege_escalation]
become_exe='sudo su -'

Documentation here

Josh Zhang
  • 179
0

If you have sudo, you can use Fabric for code deployments (and use it to hook into git), installing and removing software (though I guess you won't need that functionality), create/remove users, and other uses like that. It's not as feature rich as configuration management software like Puppet, but you can get a lot done with it, and it's reasonably quick and easy to learn.

Roger Sherman
  • 106