I have a Trellis server with admin and root. When I want to change to the sudo user using admin and enter my password as I have stored it in group_vars/production/vault.yml:
# Documentation: https://roots.io/trellis/docs/security/
vault_sudoer_passwords:
  admin: password_in_question
Under users.yml it is shown that admin is part of the sudoers group:
# Documentation: https://roots.io/trellis/docs/ssh-keys/
admin_user: admin
# Also define 'vault_users' (`group_vars/staging/vault.yml`, `group_vars/production/vault.yml`)
users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
      - https://github.com/jasperf.keys
  - name: "{{ admin_user }}"
    groups:
      - sudo
    keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
      - https://github.com/jasperf.keys
web_user: web
web_group: www-data
web_sudoers:
  - "/usr/sbin/service php7.0-fpm *"
It tells me the password is wrong:
Last login: Thu Nov 3 07:02:08 2016 from 89.148.54.81
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
admin@ianua:~$ sudo su
[sudo] password for admin:
Sorry, try again.
[sudo] password for admin:
When I double-check that admin is a sudo user, it is confirmed that this is the case:
root@ianua:~# grep -Po '^sudo.+:\K.*$' /etc/group
admin
So I then decide to do an
ansible-playbook server.yml -e env=production
to see if updating / re-provisioning changes / fixes all again.
It only did the basics, but when I tried the same admin password in group_vars/production/vault.yml I still get:
admin@ianua:~$ sudo su
[sudo] password for admin:
Sorry, try again.
Any ideas what I am missing here?