mirror of https://github.com/containers/ansible-podman-collections.git synced 2026-02-03 23:01:48 +00:00
ansible-podman-collections/docs/collections/containers/podman/podman_unshare_become.html
Sagi Shnaidman 2dd7dc5ec2 Release 1.19.0
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
2026-02-02 19:49:08 +02:00


<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="../../../">
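<head>
  <meta charset="utf-8" />
  <!-- Head of the antsibull-generated page for the podman_unshare become plugin.
       Every stylesheet and script below comes from the relative _static/ tree, so
       nothing here is fetched from a third-party origin. The one inline script in
       this file is the jQuery bootstrap at the end of the body; that is the piece
       that would need a nonce or hash under a strict script-src policy. -->
  <!-- Declared once: a second, equivalent viewport meta is redundant. -->
  <meta name="viewport" content="width=device-width, initial-scale=1" />
  <meta content="2.24.0" name="antsibull-docs" />
  <title>containers.podman.podman_unshare become Run tasks using podman unshare &mdash; Ansible collections documentation</title>
  <link rel="stylesheet" type="text/css" href="../../../_static/pygments.css?v=41de9001" />
  <link rel="stylesheet" type="text/css" href="../../../_static/css/ansible.css?v=b54c304f" />
  <link rel="stylesheet" type="text/css" href="../../../_static/antsibull-minimal.css" />
  <link rel="stylesheet" type="text/css" href="../../../_static/css/rtd-ethical-ads.css?v=289b023e" />
  <link rel="shortcut icon" href="../../../_static/images/Ansible-Mark-RGB_Black.png"/>
  <!-- Load order matters: the inline bootstrap at the end of the body calls jQuery
       and SphinxRtdTheme, so these scripts stay synchronous and in this order. -->
  <script src="../../../_static/jquery.js?v=5d32c60e"></script>
  <script src="../../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
  <script src="../../../_static/documentation_options.js?v=7f41d439"></script>
  <script src="../../../_static/doctools.js?v=fd6eb6e6"></script>
  <script src="../../../_static/sphinx_highlight.js?v=6ffebe34"></script>
  <script src="../../../_static/js/theme.js"></script>
  <link rel="search" title="Search" href="../../../search.html" />
  <link rel="next" title="containers.podman.buildah connection Interact with an existing buildah container" href="buildah_connection.html" />
  <link rel="prev" title="containers.podman.podman_volume_info module Gather info about podman volumes" href="podman_volume_info_module.html" /><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
</head>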
<body class="wy-body-for-nav"><!-- extra body elements for Ansible beyond RTD Sphinx Theme -->
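<!-- Global Ansible site links. Each one opens a new tab, so rel="noopener" is set
     to keep the opened page from reaching back through window.opener, matching
     the collection links further down this page. -->
<div class="DocSite-globalNav ansibleNav">
  <ul>
    <li><a href="https://www.ansible.com/blog" target="_blank" rel="noopener">Blog</a></li>
    <li><a href="https://forum.ansible.com/" target="_blank" rel="noopener">Ansible community forum</a></li>
    <li><a href="https://docs.ansible.com/" target="_blank" rel="noopener">Documentation</a></li>
  </ul>
</div>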
<!-- Site banner: logo image and title, wrapped in a link to the site root. -->
<a class="DocSite-nav" href="/" style="padding-bottom: 30px;">
  <img class="DocSiteNav-logo" src="../../../_static/images/Ansible-Mark-RGB_White.png" alt="Ansible Logo">
  <div class="DocSiteNav-title">Ansible Collections Documentation</div>
</a>
<div class="wy-grid-for-nav">
<!-- Sidebar: home link, the docs search form (a GET to the local search page),
     and the collection, plugin and reference index trees. -->
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
  <div class="wy-side-scroll">
    <div class="wy-side-nav-search" >
      <a href="../../../index.html" class="icon icon-home">
        Ansible collections
      </a><!--- Based on https://github.com/rtfd/sphinx_rtd_theme/pull/438/files -->
      <div class="version">
      </div>
      <div role="search">
        <form id="rtd-search-form" class="wy-form" action="../../../search.html" method="get">
          <label class="sr-only" for="q">Search docs:</label>
          <input type="text" class="st-default-search-input" id="q" name="q" placeholder="Search docs" />
          <input type="hidden" name="check_keywords" value="yes" />
          <input type="hidden" name="area" value="default" />
        </form>
      </div>
    </div>
    <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
      <!-- Collection tree, expanded down to the page currently shown. -->
      <p class="caption" role="heading"><span class="caption-text">Collections:</span></p>
      <ul class="current">
        <li class="toctree-l1 current"><a class="reference internal" href="../../index.html">Collection Index</a><ul class="current">
            <li class="toctree-l2 current"><a class="reference internal" href="../index.html">Collections in the Containers Namespace</a><ul class="current">
                <li class="toctree-l3 current"><a class="reference internal" href="index.html">Containers.Podman</a><ul class="current">
                    <li class="toctree-l4"><a class="reference internal" href="index.html#description">Description</a></li>
                    <li class="toctree-l4 current"><a class="reference internal" href="index.html#plugin-index">Plugin Index</a></li>
                  </ul>
                </li>
              </ul>
            </li>
          </ul>
        </li>
      </ul>
      <!-- Per-type plugin indexes. -->
      <p class="caption" role="heading"><span class="caption-text">Plugin indexes:</span></p>
      <ul>
        <li class="toctree-l1"><a class="reference internal" href="../../index_become.html">Index of all Become Plugins</a></li>
        <li class="toctree-l1"><a class="reference internal" href="../../index_connection.html">Index of all Connection Plugins</a></li>
        <li class="toctree-l1"><a class="reference internal" href="../../index_inventory.html">Index of all Inventory Plugins</a></li>
        <li class="toctree-l1"><a class="reference internal" href="../../index_module.html">Index of all Modules</a></li>
      </ul>
      <!-- Reference indexes. -->
      <p class="caption" role="heading"><span class="caption-text">Reference indexes:</span></p>
      <ul>
        <li class="toctree-l1"><a class="reference internal" href="../../environment_variables.html">Index of all Collection Environment Variables</a></li>
      </ul>
      <!-- extra nav elements for Ansible beyond RTD Sphinx Theme -->
    </div>
  </div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
  <!-- Mobile navigation bar (per its aria-label): a toggle icon and a home link.
       The enclosing section stays open here and is closed after the footer. -->
  <nav class="wy-nav-top" aria-label="Mobile navigation menu" >
    <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
    <a href="../../../index.html">Ansible collections</a>
  </nav>
<div class="wy-nav-content">
<div class="rst-content">
<!-- Breadcrumb trail from the documentation home down to this plugin page. -->
<div role="navigation" aria-label="Page navigation">
  <ul class="wy-breadcrumbs">
    <li><a href="../../../index.html" class="icon icon-home" aria-label="Home"></a></li>
    <li class="breadcrumb-item"><a href="../../index.html">Collection Index</a></li>
    <li class="breadcrumb-item"><a href="../index.html">Collections in the Containers Namespace</a></li>
    <li class="breadcrumb-item"><a href="index.html">Containers.Podman</a></li>
    <li class="breadcrumb-item active">containers.podman.podman_unshare become Run tasks using podman unshare</li>
    <li class="wy-breadcrumbs-aside">
    </li>
  </ul>
  <hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<span class="target" id="ansible-collections-containers-podman-podman-unshare-become"></span><section id="containers-podman-podman-unshare-become-run-tasks-using-podman-unshare">
<h1>containers.podman.podman_unshare become Run tasks using podman unshare<a class="headerlink" href="#containers-podman-podman-unshare-become-run-tasks-using-podman-unshare" title="Link to this heading"></a></h1>
<!-- Provenance note: the plugin ships in the containers.podman collection, not in
     ansible-core. The install command shown takes whatever release the configured
     Galaxy server currently publishes; appending a version constraint such as
     containers.podman:==1.19.0 (the release this page documents) pins the install. -->
<div class="admonition note">
  <p class="admonition-title">Note</p>
  <p>This become plugin is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/containers/podman/">containers.podman collection</a> (version 1.19.0).</p>
  <p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
  To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
  <p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">containers.podman</span></code>.</p>
  <p>To use it in a playbook, specify: <code class="code docutils literal notranslate"><span class="pre">containers.podman.podman_unshare</span></code>.</p>
</div>
<p class="ansible-version-added">New in containers.podman 1.9.0</p>
<!-- In-page table of contents; the id1..id3 anchors are the back-link targets
     used by the section headings. -->
<nav class="contents local" id="contents">
  <ul class="simple">
    <li><p><a class="reference internal" href="#synopsis" id="id1">Synopsis</a></p></li>
    <li><p><a class="reference internal" href="#parameters" id="id2">Parameters</a></p></li>
    <li><p><a class="reference internal" href="#examples" id="id3">Examples</a></p></li>
  </ul>
</nav>
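<!-- Synopsis: what the become plugin does, with a pointer to the upstream
     podman-unshare man page. The grammar of the sentence is corrected
     ("plugin allows"). -->
<section id="synopsis">
  <h2><a class="toc-backref" href="#id1" role="doc-backlink">Synopsis</a><a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
  <ul class="simple">
    <li><p>This become plugin allows your remote/login user to execute commands in its container user namespace. Official documentation: <a class="reference external" href="https://docs.podman.io/en/latest/markdown/podman-unshare.1.html">https://docs.podman.io/en/latest/markdown/podman-unshare.1.html</a></p></li>
  </ul>
</section>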
<section id="parameters">
<h2><a class="toc-backref" href="#id2" role="doc-backlink">Parameters</a><a class="headerlink" href="#parameters" title="Link to this heading"></a></h2>
<table class="longtable ansible-option-table docutils align-default" style="width: 100%">
<thead>
<tr class="row-odd"><th class="head"><p>Parameter</p></th>
<th class="head"><p>Comments</p></th>
</tr>
</thead>
<tbody>
<!-- become_exe: names the sudo executable (documented default "sudo"). The value
     is resolved from ansible.cfg, environment variables or Ansible variables, so
     whoever can write any of those sources chooses the binary used for the
     escalation step; keep them as tightly controlled as the playbooks themselves.
     Lines inside each pre element stay at column 0 because whitespace there is
     rendered. -->
<tr class="row-even">
  <td>
    <div class="ansible-option-cell">
      <div class="ansibleOptionAnchor" id="parameter-become_exe"></div>
      <p class="ansible-option-title" id="ansible-collections-containers-podman-podman-unshare-become-parameter-become-exe"><strong>become_exe</strong></p>
      <a class="ansibleOptionLink" href="#parameter-become_exe" title="Permalink to this option"></a>
      <p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
    </div>
  </td>
  <td>
    <div class="ansible-option-cell">
      <p>Sudo executable</p>
      <p class="ansible-option-line"><strong class="ansible-option-default-bold">Default:</strong> <code class="ansible-option-default docutils literal notranslate"><span class="pre">&quot;sudo&quot;</span></code></p>
      <p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
      <ul>
        <li><p>INI entries:</p>
          <div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[privilege_escalation]</span>
<span class="na">become_exe</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">sudo</span>
</pre></div>
          </div>
          <div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[sudo_become_plugin]</span>
<span class="na">executable</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">sudo</span>
</pre></div>
          </div>
        </li>
        <li><p>Environment variable: <span class="target" id="index-0"></span><a class="reference external" href="https://docs.ansible.com/projects/ansible/devel/reference_appendices/config.html#envvar-ANSIBLE_BECOME_EXE" title="(in Ansible devel)"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_BECOME_EXE</span></code></a></p></li>
        <li><p>Environment variable: <span class="target" id="index-1"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_SUDO_EXE"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_SUDO_EXE</span></code></a></p></li>
        <li><p>Variable: ansible_become_exe</p></li>
        <li><p>Variable: ansible_sudo_exe</p></li>
      </ul>
    </div>
  </td>
</tr>
<!-- become_pass: the password handed to sudo. The ansible.cfg entry and the two
     environment variables listed here hold it in cleartext on the control node.
     Supplying it as an Ansible Vault encrypted variable, or prompting for it at
     run time (the -K option of ansible-playbook), avoids storing it that way.
     Lines inside the pre element stay at column 0 because whitespace there is
     rendered. -->
<tr class="row-odd">
  <td>
    <div class="ansible-option-cell">
      <div class="ansibleOptionAnchor" id="parameter-become_pass"></div>
      <p class="ansible-option-title" id="ansible-collections-containers-podman-podman-unshare-become-parameter-become-pass"><strong>become_pass</strong></p>
      <a class="ansibleOptionLink" href="#parameter-become_pass" title="Permalink to this option"></a>
      <p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
    </div>
  </td>
  <td>
    <div class="ansible-option-cell">
      <p>Password to pass to sudo</p>
      <p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
      <ul>
        <li><p>INI entry:</p>
          <div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[sudo_become_plugin]</span>
<span class="na">password</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">VALUE</span>
</pre></div>
          </div>
        </li>
        <li><p>Environment variable: <span class="target" id="index-2"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_BECOME_PASS"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_BECOME_PASS</span></code></a></p></li>
        <li><p>Environment variable: <span class="target" id="index-3"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_SUDO_PASS"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_SUDO_PASS</span></code></a></p></li>
        <li><p>Variable: ansible_become_password</p></li>
        <li><p>Variable: ansible_become_pass</p></li>
        <li><p>Variable: ansible_sudo_pass</p></li>
      </ul>
    </div>
  </td>
</tr>
<!-- become_user: the account the task is executed as. The description states that
     root is not a valid value, and no default is documented on this page.
     Lines inside each pre element stay at column 0 because whitespace there is
     rendered. -->
<tr class="row-even">
  <td>
    <div class="ansible-option-cell">
      <div class="ansibleOptionAnchor" id="parameter-become_user"></div>
      <p class="ansible-option-title" id="ansible-collections-containers-podman-podman-unshare-become-parameter-become-user"><strong>become_user</strong></p>
      <a class="ansibleOptionLink" href="#parameter-become_user" title="Permalink to this option"></a>
      <p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
    </div>
  </td>
  <td>
    <div class="ansible-option-cell">
      <p>User you become to execute the task (root is not a valid value here).</p>
      <p class="ansible-option-line"><strong class="ansible-option-configuration">Configuration:</strong></p>
      <ul>
        <li><p>INI entries:</p>
          <div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[privilege_escalation]</span>
<span class="na">become_user</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">VALUE</span>
</pre></div>
          </div>
          <div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[sudo_become_plugin]</span>
<span class="na">user</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">VALUE</span>
</pre></div>
          </div>
        </li>
        <li><p>Environment variable: <span class="target" id="index-4"></span><a class="reference external" href="https://docs.ansible.com/projects/ansible/devel/reference_appendices/config.html#envvar-ANSIBLE_BECOME_USER" title="(in Ansible devel)"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_BECOME_USER</span></code></a></p></li>
        <li><p>Environment variable: <span class="target" id="index-5"></span><a class="reference internal" href="../../environment_variables.html#envvar-ANSIBLE_SUDO_USER"><code class="xref std std-envvar docutils literal notranslate"><span class="pre">ANSIBLE_SUDO_USER</span></code></a></p></li>
        <li><p>Variable: ansible_become_user</p></li>
        <li><p>Variable: ansible_sudo_user</p></li>
      </ul>
    </div>
  </td>
</tr>
</tbody>
</table>
<!-- Precedence note for the Configuration lists in the table: within a list,
     entries further down override entries further up. -->
<div class="admonition note">
  <p class="admonition-title">Note</p>
  <p>Configuration entries listed above for each entry type (Ansible variable, environment variable, and so on) have a low to high priority order.
  For example, a variable that is lower in the list will override a variable that is higher up.
  The entry types are also ordered by precedence from low to high priority order.
  For example, an ansible.cfg entry (further up in the list) is overwritten by an Ansible variable (further down in the list).</p>
</div>
</section>
<section id="examples">
<h2><a class="toc-backref" href="#id3" role="doc-backlink">Examples</a><a class="headerlink" href="#examples" title="Link to this heading"></a></h2>
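<!-- Worked example. A rootless container chowns a bind-mounted file to container
     uid 1000, which the host sees as a different uid (328679 in the sample output)
     that the login user (uid 1003) cannot access. Running stat and file through
     the podman_unshare become method enters that user namespace, where the login
     user's host uid appears as 0, so "owner: 0" in the last task hands the file
     back to the login user; it does not mean host root.
     The YAML indentation is restored (as shown, the flattened listing does not
     parse) and three typos in the explanatory comments are corrected. -->
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">checking uid of file &#39;foo&#39;</span>
<span class="w">  </span><span class="nt">ansible.builtin.stat</span><span class="p">:</span>
<span class="w">    </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">/foo&quot;</span>
<span class="w">  </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w">    </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo.stat.uid</span>
<span class="c1"># The output shows that it&#39;s owned by the login user</span>
<span class="c1"># ok: [test_host] =&gt; {</span>
<span class="c1"># &quot;foo.stat.uid&quot;: &quot;1003&quot;</span>
<span class="c1"># }</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mounting the file to an unprivileged container and modifying its owner</span>
<span class="w">  </span><span class="nt">containers.podman.podman_container</span><span class="p">:</span>
<span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">chmod_foo</span>
<span class="w">    </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">alpine</span>
<span class="w">    </span><span class="nt">rm</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w">    </span><span class="nt">volume</span><span class="p">:</span>
<span class="w">      </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">:/opt/test:z&quot;</span>
<span class="w">    </span><span class="nt">command</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">chown 1000 /opt/test/foo</span>
<span class="c1"># Now the file &#39;foo&#39; is owned by the container uid 1000,</span>
<span class="c1"># which is mapped to something completely different on the host.</span>
<span class="c1"># It creates a situation when the file is inaccessible to the host user (uid 1003)</span>
<span class="c1"># Running stat again, debug output will be like this:</span>
<span class="c1"># ok: [test_host] =&gt; {</span>
<span class="c1"># &quot;foo.stat.uid&quot;: &quot;328679&quot;</span>
<span class="c1"># }</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">running stat in modified user namespace</span>
<span class="w">  </span><span class="nt">become_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">containers.podman.podman_unshare</span>
<span class="w">  </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w">  </span><span class="nt">ansible.builtin.stat</span><span class="p">:</span>
<span class="w">    </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">/foo&quot;</span>
<span class="w">  </span><span class="nt">register</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">foo</span>
<span class="c1"># By gathering file stats with podman_unshare</span>
<span class="c1"># we can see the uid set in the container:</span>
<span class="c1"># ok: [test_host] =&gt; {</span>
<span class="c1"># &quot;foo.stat.uid&quot;: &quot;1000&quot;</span>
<span class="c1"># }</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">resetting file ownership with podman unshare</span>
<span class="w">  </span><span class="nt">become_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">containers.podman.podman_unshare</span>
<span class="w">  </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
<span class="w">  </span><span class="nt">ansible.builtin.file</span><span class="p">:</span>
<span class="w">    </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">file</span>
<span class="w">    </span><span class="nt">path</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;</span><span class="cp">{{</span> <span class="nv">test_dir</span> <span class="cp">}}</span><span class="s">/foo&quot;</span>
<span class="w">    </span><span class="nt">owner</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">0</span><span class="w"> </span><span class="c1"># in a modified user namespace host uid is mapped to 0</span>
<span class="c1"># If we run stat and debug with &#39;become: false&#39;,</span>
<span class="c1"># we can see that the file is ours again:</span>
<span class="c1"># ok: [test_host] =&gt; {</span>
<span class="c1"># &quot;foo.stat.uid&quot;: &quot;1003&quot;</span>
<span class="c1"># }</span>
</pre></div>
</div>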
<!-- Plugin author as recorded in the plugin documentation. -->
<section id="authors">
  <h3>Authors<a class="headerlink" href="#authors" title="Link to this heading"></a></h3>
  <ul class="simple">
    <li><p>Janos Gerzson (&#64;grzs)</p></li>
  </ul>
</section>
<!-- Links to the collection's issue tracker and source repository. Both open a
     new tab and already carry rel="noopener external".
     NOTE(review): aria-role is not a standard attribute (the ARIA attribute is
     role); it is left as generated in case the stylesheet selects on it. Confirm
     before changing. -->
<section id="collection-links">
  <h3>Collection links<a class="headerlink" href="#collection-links" title="Link to this heading"></a></h3>
  <ul class="ansible-links">
    <li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/containers/ansible-podman-collections/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc" rel="noopener external" target="_blank">Issue Tracker</a></span></li>
    <li><span><a aria-role="button" class="ansible-link reference external" href="https://github.com/containers/ansible-podman-collections" rel="noopener external" target="_blank">Repository (Sources)</a></span></li>
  </ul>
</section>
</section>
</section>
</div>
</div>
<!-- Page footer: previous/next links within the collection docs, then the
     copyright line. -->
<footer>
  <div class="rst-footer-buttons" role="navigation" aria-label="Footer">
    <a href="podman_volume_info_module.html" class="btn btn-neutral float-left" title="containers.podman.podman_volume_info module Gather info about podman volumes" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
    <a href="buildah_connection.html" class="btn btn-neutral float-right" title="containers.podman.buildah connection Interact with an existing buildah container" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
  </div>
  <hr/>
  <div role="contentinfo">
    <p>&#169; Copyright Ansible contributors.</p>
  </div>
</footer>
</div>
</div>
</section>
</div>
<script>
  // Inline bootstrap, the only inline script in this file. Once the DOM is ready
  // it calls SphinxRtdTheme.Navigation.enable(true); SphinxRtdTheme is presumably
  // provided by _static/js/theme.js, loaded in the head.
  jQuery(document).ready(function () {
    SphinxRtdTheme.Navigation.enable(true);
  });
</script><!-- extra footer elements for Ansible beyond RTD Sphinx Theme -->
</body>
</html>