Ansible Run Command As Another User
I know my question is what become is designed to solve. And I do use it. However, my command seems to still be run as the ssh user. I'm trying to execute a which psql command to get the executable path. Running which psql as ssh user gives a different output than running the same command as my become user which is the output I want.
EDIT The problem is the $PATH variable ansible is using as suggested in comments. It is not using the correct $PATH variable. How can I direct ansible to use the postgres user's $PATH variable? Using environment module didn't work for me as suggested here https://serverfault.com/questions/734560/ansible-become-user-not-picking-up-path-correctly
EDIT2 So a solution is to use the environment module and set the path to the path I know has the psql executable but this seems hacky. Ideally, I'd like to just be able to use the become user's path and not have to explicitly set it. Here's the hacky solution:
```yaml
- name: Check if new or existing host
  command: which psql
  environment:
    PATH: "/usr/pgsql-13/bin/:{{ansible_env.PATH}}"
  become: yes
  become_user: postgres
```
Playbook
```yaml
---
- name: Playbook Control
  hosts: all
  become: yes
  become_user: postgres
  tasks:
    - name: Check if new or existing host
      shell: whoami && which psql
      register: output
```
Relevant Output (the same as if I were to run the task command as my_user on myhost.net)
```json
"stdout_lines": [
    "postgres",
    "/usr/bin/psql"
]
```
Expected Output (the output if I were to run the task command as postgres user on myhost.net)
```json
"stdout_lines": [
    "postgres",
    "/usr/pgsql-13/bin/psql"
]
```
Inventory
```ini
myhost.net

[all:vars]
ansible_connection=ssh
ansible_user=my_user
```
Command
```shell
ansible-playbook --ask-vault-pass -vvv -i temp_hosts playbook.yml
```
In vault I only have the ssh pass of my_user.
Running the playbook with -vvv flag shows me that escalation was successful and that the output of this task is the output of running the command as ssh user, not become user. Any ideas?
Solution 1:[1]
Ansible by default uses sudo as the default become method.
Depending on how your Linux system is configured (check /etc/sudoers), it could be that your $PATH variable is preserved for sudo commands.
You can either change this, or force ansible to use a different become method such as su:
https://docs.ansible.com/ansible/latest/user_guide/become.html#become-directives
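An added example, not part of the original question or answer: a playbook that compares the PATH a task gets under the default sudo become with what a login shell for postgres resolves, and optionally repeats the lookup with su as the become method. It assumes bash is installed on the target and that the postgres user's login profile is what puts /usr/pgsql-13/bin on PATH; `use_su` is a hypothetical extra-var.

```yaml
---
# Added example; use_su is a hypothetical extra-var, not from the post.
- name: Resolve psql with the postgres user's login environment
  hosts: all
  gather_facts: false
  become: yes
  become_user: postgres
  tasks:
    - name: PATH as the task sees it under the default sudo become
      command: printenv PATH
      register: sudo_path
      changed_when: false

    - name: Locate psql through a login shell that reads the postgres profile
      command: bash -lc 'command -v psql'
      register: psql_login
      changed_when: false
      failed_when: false   # let the assert below report a missing psql

    - name: Same lookup with su as the become method (usually needs a become password)
      command: which psql
      become_method: su
      become_flags: "-l"
      register: psql_su
      changed_when: false
      when: use_su | default(false) | bool

    - name: Fail early if the login environment does not provide psql
      assert:
        that:
          - psql_login.stdout | length > 0
        fail_msg: "psql is not on the postgres user's login PATH"

    - name: Report what each method resolved
      debug:
        msg:
          - "sudo PATH: {{ sudo_path.stdout }}"
          - "psql via login shell: {{ psql_login.stdout }}"
          - "psql via su -l: {{ psql_su.stdout | default('not run') }}"
```

To exercise the su task, pass `-e use_su=true --ask-become-pass` to ansible-playbook.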
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | HiroCereal |
