community.general.pfexec become – profile based execution

Note

This become plugin is part of the community.general collection (version 6.6.9).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.pfexec.

Synopsis

  • This become plugins allows your remote/login user to execute commands as another user via the pfexec utility.

Parameters

Parameter

Comments

become_exe

string

Sudo executable

Default: "pfexec"

Configuration:

  • INI entries:

    [privilege_escalation]
become_exe = pfexec

    [pfexec_become_plugin]
executable = pfexec

  • Environment variable: ANSIBLE_BECOME_EXE

  • Environment variable: ANSIBLE_PFEXEC_EXE

  • Variable: ansible_become_exe

  • Variable: ansible_pfexec_exe

become_flags

string

Options to pass to pfexec

Default: "-H -S -n"

Configuration:

  • INI entries:

    [privilege_escalation]
become_flags = -H -S -n

    [pfexec_become_plugin]
flags = -H -S -n

  • Environment variable: ANSIBLE_BECOME_FLAGS

  • Environment variable: ANSIBLE_PFEXEC_FLAGS

  • Variable: ansible_become_flags

  • Variable: ansible_pfexec_flags

become_pass

string

pfexec password

Configuration:

  • INI entry:

    [pfexec_become_plugin]
password = VALUE

  • Environment variable: ANSIBLE_BECOME_PASS

  • Environment variable: ANSIBLE_PFEXEC_PASS

  • Variable: ansible_become_password

  • Variable: ansible_become_pass

  • Variable: ansible_pfexec_pass

become_user

string

User you ‘become’ to execute the task

This plugin ignores this setting as pfexec uses it’s own exec_attr to figure this out, but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions.

Default: "root"

Configuration:

  • INI entries:

    [privilege_escalation]
become_user = root

    [pfexec_become_plugin]
user = root

  • Environment variable: ANSIBLE_BECOME_USER

  • Environment variable: ANSIBLE_PFEXEC_USER

  • Variable: ansible_become_user

  • Variable: ansible_pfexec_user

wrap_exe

boolean

Toggle to wrap the command pfexec calls in ‘shell -c’ or not

Choices:

  • false ← (default)

  • true

Configuration:

  • INI entry:

    [pfexec_become_plugin]
wrap_execution = false

  • Environment variable: ANSIBLE_PFEXEC_WRAP_EXECUTION

  • Variable: ansible_pfexec_wrap_execution

Notes

Note

  • This plugin ignores become_user as pfexec uses it’s own exec_attr to figure this out.

Authors

  • Ansible Core Team

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.