community.general.pfexec become – profile based execution

Note

This become plugin is part of the community.general collection (version 5.0.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.pfexec.

Synopsis

  • This become plugins allows your remote/login user to execute commands as another user via the pfexec utility.

Parameters

Parameter

Comments

become_exe

string

Sudo executable

Default: “pfexec”

Configuration:

  • INI entries:

    [privilege_escalation]
    become_exe = pfexec
    
    [pfexec_become_plugin]
    executable = pfexec
    
  • Environment variable: ANSIBLE_BECOME_EXE

  • Environment variable: ANSIBLE_PFEXEC_EXE

  • Variable: ansible_become_exe

  • Variable: ansible_pfexec_exe

become_flags

string

Options to pass to pfexec

Default: “-H -S -n”

Configuration:

  • INI entries:

    [privilege_escalation]
    become_flags = -H -S -n
    
    [pfexec_become_plugin]
    flags = -H -S -n
    
  • Environment variable: ANSIBLE_BECOME_FLAGS

  • Environment variable: ANSIBLE_PFEXEC_FLAGS

  • Variable: ansible_become_flags

  • Variable: ansible_pfexec_flags

become_pass

string

pfexec password

Configuration:

  • INI entry:

    [pfexec_become_plugin]
    password = None
    
  • Environment variable: ANSIBLE_BECOME_PASS

  • Environment variable: ANSIBLE_PFEXEC_PASS

  • Variable: ansible_become_password

  • Variable: ansible_become_pass

  • Variable: ansible_pfexec_pass

become_user

string

User you ‘become’ to execute the task

This plugin ignores this setting as pfexec uses it’s own exec_attr to figure this out, but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions.

Default: “root”

Configuration:

  • INI entries:

    [privilege_escalation]
    become_user = root
    
    [pfexec_become_plugin]
    user = root
    
  • Environment variable: ANSIBLE_BECOME_USER

  • Environment variable: ANSIBLE_PFEXEC_USER

  • Variable: ansible_become_user

  • Variable: ansible_pfexec_user

wrap_exe

boolean

Toggle to wrap the command pfexec calls in ‘shell -c’ or not

Choices:

  • no ← (default)

  • yes

Configuration:

  • INI entry:

    [pfexec_become_plugin]
    wrap_execution = no
    
  • Environment variable: ANSIBLE_PFEXEC_WRAP_EXECUTION

  • Variable: ansible_pfexec_wrap_execution

Notes

Note

  • This plugin ignores become_user as pfexec uses it’s own exec_attr to figure this out.

Authors

  • Ansible Core Team

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.