From 2bfddb015d2d5d162647957c31431baf30a30938 Mon Sep 17 00:00:00 2001
From: James Cammarata <jimi@sngx.net>
Date: Sun, 26 Jul 2015 14:40:22 -0400
Subject: [PATCH] In copy, set the mode before running th validation

Because some programs that do validation (like visudo) may require
the permissions to be more restricted.

Fixes ansible/ansible#11385
---
 files/copy.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/files/copy.py b/files/copy.py
index 711c4ec8e52..f9f1b365c74 100644
--- a/files/copy.py
+++ b/files/copy.py
@@ -220,6 +220,7 @@ def main():
     original_basename = module.params.get('original_basename',None)
     validate = module.params.get('validate',None)
     follow = module.params['follow']
+    mode   = module.params['mode']
 
     if not os.path.exists(src):
         module.fail_json(msg="Source %s failed to transfer" % (src))
@@ -289,6 +290,11 @@ def main():
                 os.unlink(dest)
                 open(dest, 'w').close()
             if validate:
+                # if we have a mode, make sure we set it on the temporary
+                # file source as some validations may require it
+                # FIXME: should we do the same for owner/group here too?
+                if mode is not None:
+                    module.set_mode_if_different(src, mode, False)
                 if "%s" not in validate:
                     module.fail_json(msg="validate must contain %%s: %s" % (validate))
                 (rc,out,err) = module.run_command(validate % src)