Running Ansible task as a specific user

Solution 1:

You're misunderstanding both settings there:

  • remote_user is an Ansible setting that controls the SSH user Ansible is using to connect: ssh ${REMOTE_USER}@remotehost

  • someusername ALL=(ALL) NOPASSWD:ALL is a sudo configuration that allows the user someusername to execute all commands in any host without a password. It does not allow anyone to issue commands as someusername though.

Ideally, you would login directly as the right user and that's what remote_user is all about. But usually you are only able to login as an administrative user (say, ubuntu) and have to sudo commands as another user (let's say scrapy). Then you should leave remote_user to the user that logs in and the add the following ansible properties to the job:

- name: log in as ubuntu and do something as scrapy
  remote_user: ubuntu
  sudo: true
  sudo_user: scrapy
  shell: do-something.sh

Solution 2:

Note that after Ansible 1.9, the sudo wording was replaced with become, thus

sudo: yes
sudo_user: some_user

becomes (pun intended):

become: yes
become_user: some_user

See more specifics here: https://stackoverflow.com/a/22749788/402727

Also write this before the actual module (e.g. command or shell) you want to execute for it to take effect. At least in my experience it didn't work correctly if I have written become and become_user after the shell module.

- name: Example user change
  become: true
  become_user: '{{ user }}'
  shell: |
    ...