Change Linux password with Ansible playbook script when connecting as a non-root user without sudo privileges


Solution 1

Use the built-in user module instead of a shell command. This requires become: True in your playbook. Note that the password parameter of the user module requires an encrypted value. The password_hash Jinja filter will help you there.

  - name: change user's password
    user:
      name: foo
      password: "{{ 'passwordsaresecret' | password_hash('sha512') }}"

Solution 2

Your playbook is almost correct. I had the same kind of requirement and I used your playbook. There was just one mistake in your playbook: you forgot to enclose your password variables in '{{}}' braces. So I changed your playbook like below and it worked for me.

  ---
  - hosts: all
    gather_facts: no

    tasks:
      - name: "Check if user exists"
        register: user1_exists
        raw: getent passwd {{ ansible_user }}
        ignore_errors: true

      - name: "Change {{ ansible_user }} password"
        raw: echo -e "{{ ansible_password }}\n{{newpwd}}\n{{newpwd}}" | passwd
        # test syntax; the older `user1_exists|success` filter form was removed in Ansible 2.9
        when: user1_exists is success
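
A hardened variant of the raw-module approach in Solution 2, added here as an example and not taken from either answer. It assumes ansible_password is already defined for the connection as on the page, keeps the newpwd variable name from Solution 2, and uses a hypothetical register name user_check.

```yaml
---
# Added example, not from either answer. Assumes ansible_password is already
# defined for the connection (inventory, vault or extra vars), as on the page.
- hosts: all
  gather_facts: no

  vars_prompt:
    - name: newpwd            # same variable name Solution 2 uses
      prompt: "New password"
      private: true           # do not echo the value while typing
      confirm: true           # ask twice to catch typos

  tasks:
    - name: "Check if user exists"
      raw: getent passwd {{ ansible_user | quote }}
      register: user_check    # hypothetical register name
      changed_when: false     # a lookup never changes the host
      failed_when: false      # decide on rc in the next task instead

    - name: "Change password for {{ ansible_user }}"
      # printf is specified by POSIX, so this does not depend on the remote
      # shell's echo understanding -e. The quote filter shell-escapes each
      # value so spaces, quotes, $ or ; in a password cannot alter the command.
      raw: >-
        printf '%s\n' {{ ansible_password | quote }} {{ newpwd | quote }} {{ newpwd | quote }} | passwd
      no_log: true            # keep the rendered command and passwd output out of logs
      when: user_check.rc == 0
```

The passwords are still part of the command line sent to the remote shell, so they can be visible to other local users in the process list while the task runs; no_log only keeps them out of Ansible's own output and logs.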
Author by

kuttumiah


Updated on July 09, 2022

Comments

  • kuttumiah
    kuttumiah almost 2 years

    I am trying to change password for a non-root Linux user from Ansible playbook. To do so I tried to follow this link

    Following the instruction I can successfully change the password of a non-root user by typing the code below in the terminal.

    $ echo -e "your_current_pass\nlinuxpassword\nlinuxpassword" | passwd
    Changing password for testuser.
    (current) UNIX password: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
    

    After that I am trying to automate the code with an Ansible playbook like below,

    ---
    - hosts: all
      gather_facts: no
    
      tasks:
        - name: "Check if user exists"
          register: user1_exists
          raw: getent passwd {{ ansible_user }}
          ignore_errors: true
    
        - name: "Change {{ ansible_user }} password"
          raw: echo -e "my_current_pass\nmy_new_pass\nmy_new_pass" | passwd
          when: user1_exists|success
    

    I am using the raw module of Ansible here as most of my machines don't have Python installed. I do not have superuser (sudo) permission either to use become: True in playbook.

    Also using password based authentication here to run the Ansible playbook on target machine. Not ssh based authentication.

    But while I am executing the playbook I am getting this error,

    TASK [change user1 password] ***************************************************
    fatal: [192.168.0.57]: FAILED! => {"changed": true, "failed": true, "rc": 10, 
    "stderr": "Shared connection to 192.168.0.57 closed.\r\n", "stdout": "Changing 
    password for testuser.\r\n(current) UNIX password: passwd: Authentication 
    token manipulation error\r\npasswd: password unchanged\r\n", "stdout_lines": 
    ["Changing password for testuser.", "(current) UNIX password: passwd: 
    Authentication token manipulation error", "passwd: password unchanged"]}
    

    Could anyone show me the mistakes I am making here?