diff --git a/lib/ansible/runner/__init__.py b/lib/ansible/runner/__init__.py
index f6f50f22b5..f91fad38cc 100644
--- a/lib/ansible/runner/__init__.py
+++ b/lib/ansible/runner/__init__.py
@@ -933,13 +933,13 @@ class Runner(object):
 # compare connection user to (su|sudo)_user and disable if the same
 if hasattr(conn, 'user'):
- if conn.user == sudo_user or conn.user == su_user:
+ if (not su and conn.user == sudo_user) or (su and conn.user == su_user):
 sudoable = False
 su = False
 else:
 # assume connection type is local if no user attribute
 this_user = getpass.getuser()
- if this_user == sudo_user or this_user == su_user:
+ if (not su and this_user == sudo_user) or (su and this_user == su_user):
 sudoable = False
 su = False
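Review bot: In the `else` branch the rewritten condition still compares against `getpass.getuser()`, which takes the name from LOGNAME/USER/LNAME/USERNAME before it consults the password database, so the decision to skip su/sudo can rest on an environment variable rather than on the uid the process actually runs as. If the local case is meant to reflect the real identity, `this_user = pwd.getpwuid(os.geteuid()).pw_name` would be a sturdier source (it needs `pwd` and `os` in scope, which this hunk does not show). The comment above the first `if` is also stale now; something like `# disable escalation only when the connection user is already the target of the active method (su_user if su, else sudo_user)` matches the new predicate. The same two-clause condition appears in both branches and could be evaluated once on a single resolved user name; the enclosing method starts and ends outside this hunk.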