community.general.pfexec – profile based execution

Note

This plugin is part of the community.general collection (version 3.7.0).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.pfexec.

Synopsis

  • This become plugins allows your remote/login user to execute commands as another user via the pfexec utility.

Parameters

Parameter Choices/Defaults Configuration Comments
become_exe
string
Default:
"pfexec"
ini entries:

[privilege_escalation]
become_exe = pfexec

[pfexec_become_plugin]
executable = pfexec

env:ANSIBLE_BECOME_EXE
env:ANSIBLE_PFEXEC_EXE
var: ansible_become_exe
var: ansible_pfexec_exe
Sudo executable
become_flags
string
Default:
"-H -S -n"
ini entries:

[privilege_escalation]
become_flags = -H -S -n

[pfexec_become_plugin]
flags = -H -S -n

env:ANSIBLE_BECOME_FLAGS
env:ANSIBLE_PFEXEC_FLAGS
var: ansible_become_flags
var: ansible_pfexec_flags
Options to pass to pfexec
become_pass
string
ini entries:

[pfexec_become_plugin]
password = None

env:ANSIBLE_BECOME_PASS
env:ANSIBLE_PFEXEC_PASS
var: ansible_become_password
var: ansible_become_pass
var: ansible_pfexec_pass
pfexec password
become_user
string
Default:
"root"
ini entries:

[privilege_escalation]
become_user = root

[pfexec_become_plugin]
user = root

env:ANSIBLE_BECOME_USER
env:ANSIBLE_PFEXEC_USER
var: ansible_become_user
var: ansible_pfexec_user
User you 'become' to execute the task
This plugin ignores this setting as pfexec uses it's own exec_attr to figure this out, but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions.
wrap_exe
boolean
    Choices:
  • no ←
  • yes
ini entries:

[pfexec_become_plugin]
wrap_execution = no

env:ANSIBLE_PFEXEC_WRAP_EXECUTION
var: ansible_pfexec_wrap_execution
Toggle to wrap the command pfexec calls in 'shell -c' or not

Notes

Note

  • This plugin ignores become_user as pfexec uses it’s own exec_attr to figure this out.

Authors

  • Ansible Core Team