Requesting sudo password

mnussbaum / ansible-yay

Ansible module to install AUR packages with yay

MIT License

55 stars 14 forks source link

Requesting sudo password #9

Open Darguima opened 8 months ago

Darguima commented 8 months ago

I've just ran for the first time this module. I'm installing some AUR packages with it, but always that it start the task, it request me my sudo password:

TASK [role : Task name] ***
[sudo] password for darguima:
changed: [localhost]

I don't know if this is the normal behavior, but it would be nice if I doesn't need insert my password, as long as I pass the --ask-become-pass, and if I'm installing something with pacman for example, using the become: true I don't need passwords.

Just because I want run something automatized that don't need human interaction.

Is this a bug, or the normal behavior?

miguelcmaramara commented 3 months ago

Hey! Looks like someone found a workaround and a similar issue here. Hope this helps!

https://github.com/mnussbaum/ansible-yay/issues/2#issuecomment-496172670

Darguima commented 3 months ago

Hi there! Thank you for your suggestion! I actually implemented something similar in the meantime. I created an aur_builder user specifically for this purpose and have been using it.

However, the problem I encountered is that, in my specific case, I required a role to handle all these configurations (creating the user and editing the sudoers file), whereas my preferred solution would have allowed me to utilize my default user.

So I wanted to know if is possible to use this package like we do with the pacman one - just with the password when starting Ansible and nothing more.

Nevertheless, thanks for trying to help!

miguelcmaramara commented 3 months ago

Of course! Do you currently have your aur_builder user role add itself to sudoers within the scripts? Because a further (suboptimal) workaround that I had was to have ansible add the default user to sudoers and allow yay and pacman to run with no password so that there's no friction. I just run the entire playbook with a password in the very beginning and don't think about it.

Darguima commented 3 months ago

Yes. I have a role that creates the aur_builder user ands add him to the sudoers files after installing `yay.

The problem with using my personal user instead of the aur_builder is that it opens a door to somebody install everything in my computer, without any problem, if can gain access to it.

miguelcmaramara commented 3 months ago

Makes sense. Definitely a vulnerability if the permissions aren't removed!