Ansible provides privilege escalation options to run commands with elevated privileges on target hosts. These options include:
--ask-become-pass
or-K
: Asks for the privilege escalation password.--become-method
: Specifies the privilege escalation method to use, such assudo
(default) or others listed inansible-doc -t become -l
.--become-user
: Runs operations as the specified user (default isroot
). This option is useful when you want to execute commands as a different user.-b
or--become
: Runs operations with privilege escalation (does not imply password prompting).
Here are some examples:
Running a command without privilege escalation:
1 | $ ansible -i inventory/hosts -m shell -a 'whoami' blacktemple |
Running a command with privilege escalation (as root):
1 | $ ansible -i inventory/hosts -b --ask-become-pass -m shell -a 'whoami' blacktemple |
Running a command with privilege escalation using a sudoer without password prompt:
1 | $ ansible -i inventory/hosts -b -m shell -a 'whoami' blacktemple |
Running a command with privilege escalation as user “nginx”:
1 | $ ansible -i inventory/hosts -b --become-user nginx -m shell -a 'whoami' blacktemple |