community.general.pfexec become – Profile based execution

Note

This become plugin is part of the community.general collection (version 13.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.pfexec.

Synopsis

  • This become plugins allows your remote/login user to execute commands as another user using the pfexec utility.

Parameters

Parameter

Comments

become_exe

string

pfexec executable.

Default: "pfexec"

Configuration:

  • INI entries:

    [privilege_escalation]
become_exe = pfexec

    [pfexec_become_plugin]
executable = pfexec

  • Environment variable: ANSIBLE_BECOME_EXE

  • Environment variable: ANSIBLE_PFEXEC_EXE

  • Variable: ansible_become_exe

  • Variable: ansible_pfexec_exe

become_flags

string

Options to pass to pfexec.

Default: ""

Configuration:

  • INI entries:

    [privilege_escalation]
become_flags = ""

    [pfexec_become_plugin]
flags = ""

  • Environment variable: ANSIBLE_BECOME_FLAGS

  • Environment variable: ANSIBLE_PFEXEC_FLAGS

  • Variable: ansible_become_flags

  • Variable: ansible_pfexec_flags

become_pass

string

pfexec password.

Configuration:

  • INI entry:

    [pfexec_become_plugin]
password = VALUE

  • Environment variable: ANSIBLE_BECOME_PASS

  • Environment variable: ANSIBLE_PFEXEC_PASS

  • Variable: ansible_become_password

  • Variable: ansible_become_pass

  • Variable: ansible_pfexec_pass

become_user

string

User you ‘become’ to execute the task.

This plugin ignores this setting as pfexec uses its own exec_attr to figure this out, but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions.

Default: "root"

Configuration:

  • INI entries:

    [privilege_escalation]
become_user = root

    [pfexec_become_plugin]
user = root

  • Environment variable: ANSIBLE_BECOME_USER

  • Environment variable: ANSIBLE_PFEXEC_USER

  • Variable: ansible_become_user

  • Variable: ansible_pfexec_user

wrap_exe

boolean

Toggle to wrap the command pfexec calls in shell -c or not.

Unlike sudo, pfexec does not interpret shell constructs internally, so commands containing shell operators must be wrapped in a shell invocation.

The current default of false only works in very limited cases (for example with ansible.builtin.raw).

The current default is deprecated and will change to true in community.general 14.0.0. To avoid the deprecation message, you can explicitly set this option to a value.

Choices:

  • false

  • true

Configuration:

  • INI entry:

    [pfexec_become_plugin]
wrap_execution = VALUE

  • Environment variable: ANSIBLE_PFEXEC_WRAP_EXECUTION

  • Variable: ansible_pfexec_wrap_execution

Note

Configuration entries listed above for each entry type (Ansible variable, environment variable, and so on) have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up. The entry types are also ordered by precedence from low to high priority order. For example, an ansible.cfg entry (further up in the list) is overwritten by an Ansible variable (further down in the list).

Notes

Note

  • This plugin ignores become_user as pfexec uses its own exec_attr to figure this out.

Authors

  • Ansible Core Team