Awx: Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user

Created on 10 Oct 2017  ยท  4Comments  ยท  Source: ansible/awx
ISSUE TYPE

  • Bug Report
COMPONENT NAME

  • UI
SUMMARY


In my playbook, I need to become a "non-root" user (become_user: user1).

ENVIRONMENT

Chrome

STEPS TO REPRODUCE


On playbook with become "non-root" user escalation.

EXPECTED RESULTS


On Ansible Tower, launching the same playbook I have no error and we see a sudo in the debug message :

EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=60 -o ControlPath=/tmp/ansible_tower_mnllKi/cp/%h%p%r server1 '/bin/sh -c '"'"'**sudo -H -S -n -u user1 /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-jkukqsralylqokbrfuyaizwikoucnypn; /usr/bin/python**'"'"'"'"'"'"'"'"' && sleep 0'"'"''

ACTUAL RESULTS


AWX displays the following error :

"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of /tmp/ansible-tmp-1507640208.53-227607229839391/': Operation not permitted\nchown: changing ownership of/tmp/ansible-tmp-1507640208.53-227607229839391/command.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user".

In debug mode, the following message is display :

SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=60 -o ControlPath=/tmp/awx_253_i9fKoF/cp/%h%p%r server1 '/bin/sh -c '"'"'chown user1 /tmp/ansible-tmp-1507640208.53-227607229839391/ /tmp/ansible-tmp-1507640208.53-227607229839391/command.py && sleep 0'"'"''

api medium needs_info bug
Source
picture icsm2017

Most helpful comment

When pasting output, please take the time to properly format it. If you are not familiar with Markdown please read up on it here: https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet#code

picture shanemcd on 10 Oct 2017
👎5 👍4

All 4 comments

When pasting output, please take the time to properly format it. If you are not familiar with Markdown please read up on it here: https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet#code

shanemcd picture shanemcd on 10 Oct 2017
👎5 👍4

This seems like there may be an issue on the remote system that ansible is having trouble with... does this work with standalone ansible (outside of Tower)?

matburt picture matburt on 11 Oct 2017

After some research and testing, it seems that the standalone version (2.4) has a bug. I find article who relate this bug : https://github.com/ansible/ansible/issues/31125.
The resolution appears to be corrected in 2.4.1.

icsm2017 picture icsm2017 on 11 Oct 2017

Excellent

matburt picture matburt on 11 Oct 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

artmakh picture artmakh  ยท  3Comments
kakkotetsu picture kakkotetsu  ยท  3Comments
astraios picture astraios  ยท  3Comments
IMOKURI picture IMOKURI  ยท  3Comments
gamuniz picture gamuniz  ยท  3Comments