ansible.builtin.runas – Run As user

Note

This become plugin is part of ansible-core and included in all Ansible installations. In most cases, you can use the short plugin name runas even without specifying the collections: keyword. However, we recommend you use the FQCN for easy linking to the plugin documentation and to avoid conflicting with other collections that may have the same become plugin name.

New in version 2.8: of ansible.builtin

Synopsis

  • This become plugins allows your remote/login user to execute commands as another user via the windows runas facility.

Parameters

Parameter

Comments

become_flags

string

Options to pass to runas, a space delimited list of k=v pairs

Default: “”

Configuration:

  • INI entries:

    [privilege_escalation]
    become_flags =
    
    [runas_become_plugin]
    flags =
    
  • Environment variable: ANSIBLE_BECOME_FLAGS

  • Environment variable: ANSIBLE_RUNAS_FLAGS

  • Variable: ansible_become_flags

  • Variable: ansible_runas_flags

become_pass

string

password

Configuration:

  • INI entry:

    [runas_become_plugin]
    password = None
    
  • Environment variable: ANSIBLE_BECOME_PASS

  • Environment variable: ANSIBLE_RUNAS_PASS

  • Variable: ansible_become_password

  • Variable: ansible_become_pass

  • Variable: ansible_runas_pass

become_user

string / required

User you ‘become’ to execute the task

Configuration:

  • INI entries:

    [privilege_escalation]
    become_user = None
    
    [runas_become_plugin]
    user = None
    
  • Environment variable: ANSIBLE_BECOME_USER

  • Environment variable: ANSIBLE_RUNAS_USER

  • Variable: ansible_become_user

  • Variable: ansible_runas_user

Notes

Note

  • runas is really implemented in the powershell module handler and as such can only be used with winrm connections.

  • This plugin ignores the ‘become_exe’ setting as it uses an API and not an executable.

  • The Secondary Logon service (seclogon) must be running to use runas

Authors

  • ansible (@core)