Álex Sáez asked:
I want to manage a bunch of devices running /bin/rbash as the default shell with Ansible.
The problem is that Ansible always tries to execute a list of commands that rbash doesn’t like at all:
umask 77 && mkdir -p \"` echo ./ansible-tmp-1460362654.19-62671997084808 `\" && echo \"` echo ./ansible-tmp-1460362654.19-62671997084808 `\"
Any ideas how can I avoid this commands?
To clarify: I want to change the shell Ansible uses, and there is only one user available.
My answer:
Hmm. I think you can get around this with ansible’s raw module.
Remember that while rbash is a restricted shell, it’s entirely possible to start an unrestricted subshell; it’s meant more to prevent accidents than to provide security.
So this is what I would do. I’ve tested this and confirmed it successfully changes a restricted shell. Note that it has to prompt for a password, because chsh prompts for a password and this isn’t avoidable without root access.
---
- hosts: all
gather_facts: False
remote_user: username
tasks:
- name: change shell
raw: "bash -c 'chsh -s /bin/bash' <<< '{{chsh_password}}' "
vars_prompt:
- name: "chsh_password"
prompt: "Password"
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
