+1 I have a similar request where I want puppet apply to run as a non-root user.

The ability to provision as the vagrant user would be really cool.

7even: vagrant already uses vagrant user(config.ssh.username) for provisioning. this request is to use separate provision user from ssh user.

Yes, I also meant that - to provision as vagrant user (as with default config.ssh.username) but login via vagrant ssh as my own user (which doesn't exist yet when provisioning for the first time).

The shell provisioner now supports doing this and the Puppet provisioner will have it soon (tracked in another issue).

Great! Where's the corresponding commit/documentation?

1370

Perhaps I'm missing something big here but, I don't see how #1370 resolves this issue.

Ah sorry, I didn't read this totally right. Even so, I don't want to support arbitrary users. It is easy enough to provision as root (default) and then do a su -u and execute as any user you want.

i tried using su but couldn't due to subtle things like the tty/ssh-agent pipe being owned by the initial user. My workaround is to ssh again as the newuser@localhost, which is why I opened this bug in the first place.

If I'm understanding correctly, it's not easy to provision as vagrant user, and ssh as a different user?

Vagrant has all the same problems as you if it were to su. The reason forwarding agents doesn't work with su is because you must presere the SSH_AUTH_SOCK env var. And Vagrant doesn't use a tty so you'd have to request that, as well.

i think you may be misunderstanding me.

My goal is to have all vagrant commands use user "vagrant" and "vagrant ssh" use my username.

Ah, sorry. You can do that with both the shell and puppet provisioners now. With vagrant ssh you can just do vagrant ssh-config and change the user info as you see fit.

An example is needed here. You're proposing the asker do the following:

vagrant ssh-config > myconf
# modify myconf to have the desired username
ssh -F myconf default

This works, but I think the asker had a legitimate feature request for a nicer solution than this.

Since then I have thought of an alternate solution to avoid the double ssh is to use a shell alias/function: vagrant ssh <host> -- -l $USER Though this is less flexible as I have to ask my users to do extra work to use the Vagrantfile, so my double ssh solution is good enough.

Same need here: I would like use standard boxes (vagrant/root accounts only) to provision, but setup another ssh login for vagrant ssh. (the aim is to provide ready-to-use dev-boxes with the right login for users).

Because the Vagrantfile is a ruby file (an amazing idea btw, i have been doing that since i saw vagrant do it) there is a very simple solution for this:

VAGRANT_COMMAND = ARGV[0]

Vagrant.configure("2") do |config|
  if VAGRANT_COMMAND == "ssh"
      config.ssh.username = 'other_username'
  end

  ...
end

So when you do vagrant ssh its going to use other_username but when you do vagrant provision it will still use the default vagrant user.

nice! i like the solution. thanks

@danielfrg Thanks.

provision is running root by default, this should be written in the doc more clearly.

@ldong For most provisioning backends it defaults to using sudo however some(all?) can be disabled. For example the shell provisioner has an option privileged to disable running as root. https://docs.vagrantup.com/v2/provisioning/shell.html