Merge pull request #15189 from nitzmahone/fix_mac_chown_chmod

fix Mac chown/chmod -R issue, add error checks
2016-03-29 07:57:27 -07:00 · 2016-03-29 07:57:27 -07:00 · 0c57411ff5
commit 0c57411ff5
parent 5fdac707fd 05af5c88ea
2 changed files with 29 additions and 13 deletions
--- a/lib/ansible/plugins/action/init.py
+++ b/lib/ansible/plugins/action/init.py
@ -308,11 +308,15 @@ class ActionBase(with_metaclass(ABCMeta, object)):
            # to work!
            if remote_user == 'root':
                # SSh'ing as root, therefore we can chown
-                self._remote_chown(remote_path, self._play_context.become_user, recursive=recursive)
+                res = self._remote_chown(remote_path, self._play_context.become_user, recursive=recursive)
+                if res['rc'] != 0:
+                    raise AnsibleError('Failed to set owner on remote files (rc: {0}, err: {1})'.format(res['rc'], res['stderr']))
                if execute:
                    # root can read things that don't have read bit but can't
                    # execute them.
-                    self._remote_chmod('u+x', remote_path, recursive=recursive)
+                    res = self._remote_chmod('u+x', remote_path, recursive=recursive)
+                    if res['rc'] != 0:
+                        raise AnsibleError('Failed to set file mode on remote files (rc: {0}, err: {1})'.format(res['rc'], res['stderr']))
            else:
                if execute:
                    mode = 'rx'
@ -325,14 +329,18 @@ class ActionBase(with_metaclass(ABCMeta, object)):
                        # fs acls failed -- do things this insecure way only
                        # if the user opted in in the config file
                        self._display.warning('Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user which may be insecure. For information on securing this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user')
-                        self._remote_chmod('a+%s' % mode, remote_path, recursive=recursive)
+                        res = self._remote_chmod('a+%s' % mode, remote_path, recursive=recursive)
+                        if res['rc'] != 0:
+                            raise AnsibleError('Failed to set file mode on remote files (rc: {0}, err: {1})'.format(res['rc'], res['stderr']))
                    else:
                        raise AnsibleError('Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user. For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user')
        elif execute:
            # Can't depend on the file being transferred with execute
            # permissions.  Only need user perms because no become was
            # used here
-            self._remote_chmod('u+x', remote_path, recursive=recursive)
+            res = self._remote_chmod('u+x', remote_path, recursive=recursive)
+            if res['rc'] != 0:
+                raise AnsibleError('Failed to set file mode on remote files (rc: {0}, err: {1})'.format(res['rc'], res['stderr']))

        return remote_path

@ -569,7 +577,9 @@ class ActionBase(with_metaclass(ABCMeta, object)):
                # not sudoing to root, so maybe can't delete files as that other user
                # have to clean up temp files as original user in a second step
                cmd2 = self._connection._shell.remove(tmp, recurse=True)
-                self._low_level_execute_command(cmd2, sudoable=False)
+                res2 = self._low_level_execute_command(cmd2, sudoable=False)
+                if res2['rc'] != 0:
+                    display.warning('Error deleting remote temporary files (rc: {0}, stderr: {1})'.format(res2['rc'], res2['stderr']))

        try:
            data = json.loads(self._filter_leading_non_json_lines(res.get('stdout', u'')))
--- a/lib/ansible/plugins/shell/init.py
+++ b/lib/ansible/plugins/shell/init.py
@ -54,23 +54,29 @@ class ShellBase(object):

    def chmod(self, mode, path, recursive=True):
        path = pipes.quote(path)
-        cmd = ['chmod', mode, path]
+        cmd = ['chmod']
+
        if recursive:
-            cmd.append('-R')
+            cmd.append('-R') # many chmods require -R before file list
+
+        cmd.extend([mode, path])
+
        return ' '.join(cmd)

    def chown(self, path, user, group=None, recursive=True):
        path = pipes.quote(path)
        user = pipes.quote(user)

-        if group is None:
-            cmd = ['chown', user, path]
-        else:
-            group = pipes.quote(group)
-            cmd = ['chown', '%s:%s' % (user, group), path]
+        cmd = ['chown']

        if recursive:
-            cmd.append('-R')
+            cmd.append('-R') # many chowns require -R before file list
+
+        if group is None:
+            cmd.extend([user, path])
+        else:
+            group = pipes.quote(group)
+            cmd.extend(['%s:%s' % (user, group), path])

        return ' '.join(cmd)