Ansible provides privilege escalation options to run commands with elevated privileges on target hosts. These options include:
--ask-become-passor-K: Asks for the privilege escalation password.--become-method: Specifies the privilege escalation method to use, such assudo(default) or others listed inansible-doc -t become -l.--become-user: Runs operations as the specified user (default isroot). This option is useful when you want to execute commands as a different user.-bor--become: Runs operations with privilege escalation (does not imply password prompting).
Here are some examples:
Running a command without privilege escalation:
1 | $ ansible -i inventory/hosts -m shell -a 'whoami' blacktemple |
Running a command with privilege escalation (as root):
1 | $ ansible -i inventory/hosts -b --ask-become-pass -m shell -a 'whoami' blacktemple |
Running a command with privilege escalation using a sudoer without password prompt:
1 | $ ansible -i inventory/hosts -b -m shell -a 'whoami' blacktemple |
Running a command with privilege escalation as user “nginx”:
1 | $ ansible -i inventory/hosts -b --become-user nginx -m shell -a 'whoami' blacktemple |