Specify User per Task in Ansible

Turns out, become_user directive can be used not only for privilege escalation (running Ansible playbooks as root), but also for becoming any other when you want certain tasks run as that user instead of root.

Default Ansible Behavior for Running Tasks

I had the following piece of code, running /home/greys/.dotfiles/install script. It didn’t run as intended, creating symlinks in /root directory (because that’s what Ansible was running the task as):

- name: Create symlinks for dotfiles
  shell: /home/greys/.dotfiles/install
  register: dotfiles.result
  ignore_errors: yes
  tags: 
    - dotfiles

Specify User for an Ansible Task

become_user parameter can be specifed per task or per playbook, apparently. So that’s how you specify it per task – in my example to run the Create symlinks for dotfiles task as my user greys:

- name: Create symlinks for dotfiles
  shell: /home/greys/.dotfiles/install
  register: dotfiles.result
  ignore_errors: yes
  become: yes
  become_user: greys
  tags: 
    - dotfiles

See Also

• Ansible
• How To Create a Unix Group with Ansible
• Dry Running Ansible Scripts
• Getting Started with Ansible