Open EtiennePerot opened 7 years ago
I also use this with become_user
. You're right that the readme should be cleared up.
The problem is that we cannot determine which user is suitable for this. We can probably use nobody
by default, but I'm very skeptical that changing sudoers is right to do.
If you have a reasonably non-intrusive idea about how to change this, patches welcome. Otherwise, I'm unlikely to work on having ansible-aur
directly modify sudoers.
One possibility might be dropping privs to nobody
, and only building the package with that, then installing it as root. This doesn't handle problems with AUR dependencies, though, so it's non-trivial.
You could add a "root_equivalent_build_user" string argument that, if set, creates that user (if it doesn't exist yet) and makes it be able to use sudo
without password.
That or edit the README to list the extra steps necessary to set up a user to use the module with.
Ansible either expects to SSH into machines as
root
, or to becomeroot
after SSHing through some mechanism e.g.sudo
.1 However, neitherpacaur
,yaourt
, ormakepkg
allow executing operations asroot
.2 This means that the example in README.md currently do not work; they will fail with "you cannot perform this operation as root".The only way I've found to use ansible-aur in a playbook that also uses other modules (e.g. Ansible's own
pacman
orpackage
module) requires doing something like this:And then each
aur
invocation has to includewhen
+become
+become_user
directives:ansible-aur should take care of this extra setup automatically in order to avoid the extra verbosity and to make the examples on README.md work again.