os.chdir fails if the sudo/become user lacks adequate permissions to chdir prior to task

[msaladna]

• Which version of Ansible are you running? 2.8.2
• Is your version of Ansible patched in any way? No
• Are you running with any custom modules, or module_utils loaded? No
• Have you tried the latest master version from Git? Yes
• Do you have some idea of what the underlying problem may be? os.chdir in runner.py does not check for permissions before attempting chdir. If permissions for the sudo user prohibit access to the cwd, then the task fails.
• Mention your host and target OS and versions CentOS 7.6.1810
• Mention your host and target Python versions CentOS stock, 2.7.5
• If reporting a crash or hang in Ansible...

  
  [task 12337] 13:59:35.925665 D mitogen.parent: starting no-reply function call to u'local.12340.sudo.postgres': mitogen.core.Dispatcher.forget_chain('testing.apisnetworks.com-12337-7f773bdb9740-5907c1a563401')
  [mux  12303] 13:59:35.926584 D ansible_mitogen.services: decrementing reference count for Context(4, u'local.12340.sudo.postgres')
  [task 12337] 13:59:35.926955 D mitogen: MitogenProtocol(unix_listener.12303): disconnecting
  [task 12337] 13:59:35.927252 D mitogen: Waker(fd=11/12): disconnecting
  [task 12337] 13:59:35.927629 D mitogen: Router(Broker(7e50)): stats: 0 module requests in 0 ms, 0 sent (0 ms minify time), 0 negative responses. Sent 0.0 kb total, 0.0 kb avg.
  [mux  12303] 13:59:35.929497 D mitogen: <Side of unix_client.12337 fd 76>: empty read, disconnecting
  [mux  12303] 13:59:35.929760 D mitogen: MitogenProtocol(unix_client.12337): disconnecting
  [mux  12303] 13:59:35.930372 D mitogen.[local.12340.sudo.postgres]: Dispatcher: dispatching (None, u'mitogen.core', u'Dispatcher', u'forget_chain', ('testing.apisnetworks.com-12337-7f773bdb9740-5907c1a563401',), Kwargs({}))
  [mux  12303] 13:59:35.930643 D mitogen.[local.12340.sudo.postgres]: Dispatcher: Message(4, 1, 0, 101, 0, '\x80\x02(NX\x0c\x00\x00\x00mitogen.coreX\n\x00\x00\x00Dispatcherq\x01X\x0c\x00\x00\x00forget_'..151) -> None
  [mux  12303] 13:59:35.933657 D mitogen.service.[local.12340]: Pool(6a10, size=2, th='MainThread'): initialized
  The full traceback is:
  Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 144, in run
  res = self._execute()
  File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 648, in _execute
  result = self._handler.run(task_vars=variables)
  File "/usr/lib/python2.7/site-packages/ansible_mitogen/mixins.py", line 116, in run
  return super(ActionModuleMixin, self).run(tmp, task_vars)
  File "/usr/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 46, in run
  result = merge_hash(result, self._execute_module(task_vars=task_vars, wrap_async=wrap_async))
  File "/usr/lib/python2.7/site-packages/ansible_mitogen/mixins.py", line 359, in _execute_module
  timeout_secs=self.get_task_timeout_secs(),
  File "/usr/lib/python2.7/site-packages/ansible_mitogen/planner.py", line 503, in invoke
  kwargs=planner.get_kwargs(),
  File "/usr/lib/python2.7/site-packages/ansible_mitogen/connection.py", line 445, in call
  return self._rethrow(recv)
  File "/usr/lib/python2.7/site-packages/ansible_mitogen/connection.py", line 431, in _rethrow
  return recv.get().unpickle()
  File "/usr/lib/python2.7/site-packages/mitogen/core.py", line 963, in unpickle
  raise obj
  CallError: exceptions.OSError: [Errno 13] Permission denied: '/usr/local/apnscp/resources/playbooks'
  File "<stdin>", line 3661, in _dispatch_one
  File "master:/usr/lib/python2.7/site-packages/ansible_mitogen/target.py", line 422, in run_module
  return impl.run()
  File "master:/usr/lib/python2.7/site-packages/ansible_mitogen/runner.py", line 440, in run
  self.setup()
  File "master:/usr/lib/python2.7/site-packages/ansible_mitogen/runner.py", line 850, in setup
  super(NewStyleRunner, self).setup()
  File "master:/usr/lib/python2.7/site-packages/ansible_mitogen/runner.py", line 623, in setup
  super(ProgramRunner, self).setup()
  File "master:/usr/lib/python2.7/site-packages/ansible_mitogen/runner.py", line 374, in setup
  self._setup_cwd()
  File "master:/usr/lib/python2.7/site-packages/ansible_mitogen/runner.py", line 384, in _setup_cwd
  os.chdir(self.cwd)

fatal: [localhost]: FAILED! => { "msg": "Unexpected failure during module execution.", "stdout": "" }

* **If reporting any kind of problem with Ansible, please include the Ansible
  version along with output of "ansible-config dump --only-changed".**

ansible-config dump --only-changed

DEFAULT_STRATEGY(/usr/local/apnscp/resources/playbooks/ansible.cfg) = mitogen_linear DEFAULT_STRATEGY_PLUGIN_PATH(/usr/local/apnscp/resources/playbooks/ansible.cfg) = [u'/usr/lib/python2.7/site-packages/ansible_mitogen/plugins/strategy']

**Sample play to reproduce the behavior:**
```yaml
---
- hosts: localhost
  gather_facts: no
  tasks:
    - name: Become bug
      become_user: postgres
      become: True
      postgresql_user: name=testuser password=abc db=template1 encrypted=yes
      register: user_changed

Verification of the permissions:

sudo -u postgres ls -la /usr/local/apnscp/resources/playbooks/
ls: cannot access /usr/local/apnscp/resources/playbooks/: Permission denied

Then if we change permissions to allow access by user "postgres":

chmod 711 /usr/local/apnscp/
sudo -u postgres ls -la /usr/local/apnscp/resources/playbooks/
# ls succeeds

Likewise the play completes as expected:

changed: [localhost] => {
    "changed": true, 
    "invocation": {
        "module_args": {
            "ca_cert": null, 
            "conn_limit": null, 
            "db": "template1", 
            "encrypted": true, 
            "expires": null, 
            "fail_on_user": true, 
            "login_host": "", 
            "login_password": "", 
            "login_unix_socket": "", 
            "login_user": "postgres", 
            "name": "testuser", 
            "no_password_changes": false, 
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "port": 5432, 
            "priv": null, 
            "role_attr_flags": "", 
            "session_role": null, 
            "ssl_mode": "prefer", 
            "state": "present", 
            "user": "testuser"
        }
    }, 
    "queries": [
        "CREATE USER \"testuser\" WITH ENCRYPTED PASSWORD %(password)s "
    ], 
    "user": "testuser"
}

[zswanson]

Seeing this same issue using ansible 2.8 and mitogen 0.2.8; in our case though we're running ansible/mitogen during an AWS user-data script, so it runs as root. The file task fails when we used become_user to switch to a local service account. In our case we can work around it since the become_user wasn't a necessary step for the execution, so we just removed it.

@dw this is actually becoming a pretty major error, it impacts multiple tasks in our playbooks, and we cannot roll back to 0.2.7 because it isn't compatible with ansible 2.8

Looks to be related to the fix from #591

[rrauenza]

I think I've just hit this as well ... is there a workaround?

My use case is this.. and I think I found a workaround for me:

- name: do something       
      become_user: "{{ lookup('env', 'USER') }}"  # https://github.com/mitogen-hq/mitogen/issues/636
      become: true                                                                        
      command:                                                                            
        chdir: /tmp                                                                       
        cmd: my_command
      delegate_to: 127.0.0.1  # Run this locally (where you issued ansible from)          

This runs local to where I issued the ansible command per delegate_to, so I just become the user who issues the ansible command as a workaround.