
Difference between become and become_user in Ansible

Recently I started digging into Ansible and writing my own playbooks. However, I have trouble understanding the difference between become and become_user. As I understand it, become_user is something similar to su <username>, and become means something like sudo su or "perform all commands as a sudo user". But sometimes these two directives are mixed.

Could you explain the correct meaning of them?

Andrey Rusanov asked Jul 10 '16 08:07


People also ask

What is become_user in Ansible?

Ansible become_user is used to run a particular task as a specific user. As a general Unix command, it can be done with sudo -u <theusername>. To use become_user, you should also set become to yes.

What does become mean in Ansible playbooks?

Ansible allows you to 'become' another user, different from the user that logged into the machine (remote user). This is done using existing privilege escalation tools, which you probably already use or have configured, like sudo , su , pfexec , doas , pbrun , dzdo , ksu and others.

What does become Yes mean in Ansible?

Adding become: yes and become_method: enable instructs Ansible to enter enable mode before executing the task, play, or playbook where those parameters are set.


2 Answers

  1. become: yes = sudo
    become_user: user_name = sudo -u user_name
  2. become: yes
    become_user: root is equivalent to become: yes

This link explains the difference clearly.

AATHITH RAJENDRAN answered Oct 03 '22 20:10


become_user defines the user which is being used for privilege escalation.

become simply is a flag to either activate or deactivate the same.

Here are three examples which should make it clear:

  1. This task will be executed as root, because root is the default user for privilege escalation:

     - do: something
       become: true

  2. This task will be executed as user someone, because the user is explicitly set:

     - do: something
       become: true
       become_user: someone

  3. This task will not do anything with become_user, because become is not set and defaults to false/no:

     - do: something
       become_user: someone

...unless become was set to true on a higher level, e.g. a block, the playbook, group or host-vars etc.

Here is an example with a block:

    - become: true
      block:
        - do: something
          become_user: someone
        - do: something

The 1st is run as user someone, the 2nd as root.

As I understand it become_user is something similar to su <username>, and become means something like sudo su or "perform all commands as a sudo user".

The default become_method is sudo, so sudo do something or sudo -u <become_user> do something

Fineprint: Of course "do: something" is pseudocode. Put your actual Ansible module there.

udondan answered Oct 03 '22 20:10
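
The inheritance rules from the answer above can be checked mechanically when reviewing a playbook for tasks that run as root, or for a become_user that silently has no effect. This is an added example, not code from either answer or from Ansible; it models only play, block and task keywords, and the remote user name deploy, the task names and the sample play are constructed.

```python
# Simplified model: keyword inheritance play -> block -> task only.
# Inventory/connection variables (e.g. ansible_become) and rescue/always
# sections of a block are not modelled here.
DEFAULT_BECOME_USER = "root"  # default escalation target, as stated in the answer


def effective_users(play, remote_user="deploy"):
    """Return [(task_name, user, note)] for each task of a play given as dicts."""
    results = []

    def walk(items, inherited):
        for item in items:
            # A keyword set at this level overrides the inherited value.
            scope = dict(inherited)
            for key in ("become", "become_user"):
                if key in item:
                    scope[key] = item[key]
            if "block" in item:
                walk(item["block"], scope)
                continue
            note = ""
            if scope.get("become", False):
                user = scope.get("become_user", DEFAULT_BECOME_USER)
            else:
                user = remote_user
                if "become_user" in scope:
                    note = "become_user ignored: become is not enabled"
            results.append((item.get("name", "?"), user, note))

    top = {k: play[k] for k in ("become", "become_user") if k in play}
    walk(play.get("tasks", []), top)
    return results


# Constructed sample play (already parsed from YAML), mirroring the answer's cases.
SAMPLE_PLAY = {"hosts": "all", "tasks": [
    {"name": "t1", "command": "whoami", "become": True},
    {"name": "t2", "command": "whoami", "become": True, "become_user": "someone"},
    {"name": "t3", "command": "whoami", "become_user": "someone"},
    {"become": True, "block": [
        {"name": "t4", "command": "whoami", "become_user": "someone"},
        {"name": "t5", "command": "whoami"},
    ]},
]}

if __name__ == "__main__":
    for name, user, note in effective_users(SAMPLE_PLAY):
        print(f"{name}: runs as {user} {note}".rstrip())
```

Task t3 is the case worth flagging in review: it names a become_user but runs as the plain remote user because nothing enables become for it.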