community.general.doas become – Do As user

Note

This become plugin is part of the community.general collection (version 12.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.doas.

Synopsis

  • This become plugins allows your remote/login user to execute commands as another user using the doas utility.

Parameters

Parameter

Comments

allow_pipelining

boolean

added in community.general 12.4.0

When set to true, do allow pipelining with ansible-core 2.19+.

This should only be used when doas is configured to not ask for a password (nopass).

Choices:

  • false ← (default)

  • true

Configuration:

  • INI entry:

    [doas_become_plugin]
allow_pipelining = false

  • Environment variable: ANSIBLE_DOAS_ALLOW_PIPELINING

  • Variable: ansible_doas_allow_pipelining

become_exe

string

doas executable.

Default: "doas"

Configuration:

  • INI entries:

    [privilege_escalation]
become_exe = doas

    [doas_become_plugin]
executable = doas

  • Environment variable: ANSIBLE_BECOME_EXE

  • Environment variable: ANSIBLE_DOAS_EXE

  • Variable: ansible_become_exe

  • Variable: ansible_doas_exe

become_flags

string

Options to pass to doas.

Default: ""

Configuration:

  • INI entries:

    [privilege_escalation]
become_flags = ""

    [doas_become_plugin]
flags = ""

  • Environment variable: ANSIBLE_BECOME_FLAGS

  • Environment variable: ANSIBLE_DOAS_FLAGS

  • Variable: ansible_become_flags

  • Variable: ansible_doas_flags

become_pass

string

Password for doas prompt.

Configuration:

  • INI entry:

    [doas_become_plugin]
password = VALUE

  • Environment variable: ANSIBLE_BECOME_PASS

  • Environment variable: ANSIBLE_DOAS_PASS

  • Variable: ansible_become_password

  • Variable: ansible_become_pass

  • Variable: ansible_doas_pass

become_user

string

User you ‘become’ to execute the task.

Configuration:

  • INI entries:

    [privilege_escalation]
become_user = VALUE

    [doas_become_plugin]
user = VALUE

  • Environment variable: ANSIBLE_BECOME_USER

  • Environment variable: ANSIBLE_DOAS_USER

  • Variable: ansible_become_user

  • Variable: ansible_doas_user

prompt_l10n

list / elements=string

List of localized strings to match for prompt detection.

If empty the plugin uses the built-in one.

Default: []

Configuration:

  • INI entry:

    [doas_become_plugin]
localized_prompts =

  • Environment variable: ANSIBLE_DOAS_PROMPT_L10N

  • Variable: ansible_doas_prompt_l10n

Note

Configuration entries listed above for each entry type (Ansible variable, environment variable, and so on) have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up. The entry types are also ordered by precedence from low to high priority order. For example, an ansible.cfg entry (further up in the list) is overwritten by an Ansible variable (further down in the list).

Notes

Note

  • This become plugin does not work when connection pipelining is enabled and doas requests a password. With ansible-core 2.19+, using this plugin automatically disables pipelining, unless allow_pipelining=true is explicitly set by the user. On ansible-core 2.18 and before, pipelining must explicitly be disabled by the user.

Authors

  • Ansible Core Team