Using Ansible 2.1.4.0
Is it possible to set the sticky bit and folder permissions in 1 task?
Example:
# Shell is used over find module cause symlink breaks and performance
- name: Find directories in /tmp which are not valid
  shell: find
    /tmp/test -type d
    \( ! -user root -o ! -group root -o ! -perm 775 \)
  register: find1

- name: Set 775 for found directories
  file:
    path: "{{ item }}"
    owner: root
    group: vagrant
    mode: 0775
    state: directory
  with_items: "{{ findPermission1.stdout_lines | default([]) }}"

- name: Find directories in /tmp which have no sticky bit
  shell: find
    /tmp/test -type d
    \! -perm /1000
  changed_when: false
  register: find2

- name: Set permissions for found directories
  file:
    path: "{{ item }}"
    owner: root
    group: vagrant
    mode: g+s
    state: directory
    recurse: no #cause it already found recurse
  with_items: "{{ find.stdout_lines | default([]) }}"
Right now, I must have 2 different tasks to set the permissions. But they overwrite each other.
Goal: set the permission to 775 and g+s in one task.
Found it, one can use the official file module.
- name: Set sticky bit + 775 for directory
  file:
    path: /tmp/test
    owner: root
    group: vagrant
    mode: u=rwx,g=rwx,o=rx,g+s
    # mode: '02775' # also works
    # mode: ug=rwx,o=rx,g+s # also works
    state: directory
Goal: set the permission to 775 and g+s in one task.
- name: Set permissions for found directories
  file:
    path: "{{ item }}"
    owner: root
    group: vagrant
    mode: 02775
    state: directory
    recurse: no #cause it already found recurse
  with_items: ____
But I don't understand why you were checking for SUID (-perm /1000) and setting SGID (g+s) in the code. Nor do I know what the value of find is, because you registered find1 and find2, but not find.
I also don't see a need to specify conditions for find, because Ansible module is idempotent/declarative and you want all directories to have the same permissions, so you can rely on Ansible.
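As an added example (not part of either answer, and not Ansible's own code), this Python sketch resolves the mode spellings shown above to their bits and mimics find's `-perm /mode` test, so it is visible which special bit each value carries. The function names are hypothetical, and the parser handles only the u/g/o/a, =/+/- and r/w/x/s/t subset of chmod's symbolic syntax.

```python
import re
import stat

# Bits each "who" letter may touch, as in chmod: s means setuid for u and
# setgid for g; t (sticky) only takes effect for o or a.
WHO = {"u": 0o4700, "g": 0o2070, "o": 0o1007}
PERM = {"r": 0o444, "w": 0o222, "x": 0o111, "s": 0o6000, "t": 0o1000}
SPECIAL = {stat.S_ISUID: "setuid", stat.S_ISGID: "setgid", stat.S_ISVTX: "sticky"}
CLAUSE = re.compile(r"([ugoa]*)([=+-])([rwxst]*)")


def symbolic_to_mode(spec, mode=0):
    """Apply a chmod-style symbolic spec such as 'ug=rwx,o=rx,g+s' to mode."""
    for clause in spec.split(","):
        m = CLAUSE.fullmatch(clause.strip())
        if not m:
            raise ValueError("unsupported clause: %r" % clause)
        who, op, perms = m.groups()
        # Simplification: empty who or 'a' means u, g and o (umask is ignored).
        letters = "ugo" if not who or "a" in who else who
        affected = 0
        for w in letters:
            affected |= WHO[w]
        wanted = 0
        for p in perms:
            wanted |= PERM[p]
        bits = wanted & affected
        if op == "=":
            # Simplification: '=' resets only rwx; special bits change via s/t.
            mode = (mode & ~(affected & 0o777)) | bits
        elif op == "+":
            mode |= bits
        else:
            mode &= ~bits
    return mode


def special_bits(mode):
    """Return the names of the special permission bits set in mode."""
    return [name for bit, name in SPECIAL.items() if mode & bit]


def find_perm_any(mode, test):
    """Mimic find's '-perm /test': true if any bit of test is set in mode."""
    return bool(mode & test)


if __name__ == "__main__":
    for spec in ("u=rwx,g=rwx,o=rx,g+s", "ug=rwx,o=rx,g+s"):
        m = symbolic_to_mode(spec)
        print(spec, "->", oct(m), special_bits(m), find_perm_any(m, 0o1000))
```

Both symbolic spellings resolve to the same value as the octal string '02775', and the only special bit set is setgid, so a `-perm /1000` test does not match a directory with that mode.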