Comment on is_executable's limitations and change logic to only use bit-manipulations

This is clearer to anyone who understands that unix file modes are bitfields.
2016-06-13 09:41:43 -07:00 · 2016-06-13 09:41:43 -07:00 · 0e98ce11c4
commit 0e98ce11c4
parent facea1ff0c
1 changed files with 11 additions and 4 deletions
--- a/lib/ansible/module_utils/basic.py
+++ b/lib/ansible/module_utils/basic.py
@ -511,10 +511,17 @@ def heuristic_log_sanitize(data, no_log_values=None):
    return output

 def is_executable(path):
-    '''is the given path executable?'''
-    return (stat.S_IXUSR & os.stat(path)[stat.ST_MODE]
-            or stat.S_IXGRP & os.stat(path)[stat.ST_MODE]
-            or stat.S_IXOTH & os.stat(path)[stat.ST_MODE])
+    '''is the given path executable?
+
+    Limitations:
+    * Does not account for FSACLs.
+    * Most times we really want to know "Can the current user execute this
+      file"  This function does not tell us that, only if an execute bit is set.
+    '''
+    # These are all bitfields so first bitwise-or all the permissions we're
+    # looking for, then bitwise-and with the file's mode to determine if any
+    # execute bits are set.
+    return ((stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH) & os.stat(path)[stat.ST_MODE])

 def _load_params():
    ''' read the modules parameters and store them globally.