cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix the Solaris POSIX acl fix

Browse source 
For setfacl on Solaris we need to specify permissions like r-x.
For chmod, we need to specify them as rx (r-x means to make the file
readable and *not* executable)

(cherry picked from commit 255a5b5d75)
This commit is contained in:
Toshio Kuratomi 2016-11-22 12:16:04 -08:00
parent 0bed5d4d85
commit ac076dfc12
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/ansible/plugins/action/__init__.py
View file

@ -359,14 +359,16 @@ class ActionBase(with_metaclass(ABCMeta, object)):
# Try to use file system acls to make the files readable for sudo'd # Try to use file system acls to make the files readable for sudo'd
# user # user
if execute: if execute:
mode = 'r-x' chmod_mode = 'rx'
setfacl_mode = 'r-x'
else: else:
chmod_mode = 'rX'
### Note: this form fails silently on freebsd. We currently ### Note: this form fails silently on freebsd. We currently
# never call _fixup_perms2() with execute=False but if we # never call _fixup_perms2() with execute=False but if we
# start to we'll have to fix this. # start to we'll have to fix this.
mode = 'r-X' setfacl_mode = 'r-X'
res = self._remote_set_user_facl(remote_paths, self._play_context.become_user, mode) res = self._remote_set_user_facl(remote_paths, self._play_context.become_user, setfacl_mode)
if res['rc'] != 0: if res['rc'] != 0:
# File system acls failed; let's try to use chown next # File system acls failed; let's try to use chown next
# Set executable bit first as on some systems an # Set executable bit first as on some systems an
@ -388,7 +390,7 @@ class ActionBase(with_metaclass(ABCMeta, object)):
display.warning('Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user.' display.warning('Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user.'
' This may be insecure. For information on securing this, see' ' This may be insecure. For information on securing this, see'
' https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user') ' https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user')
res = self._remote_chmod(remote_paths, 'a+%s' % mode) res = self._remote_chmod(remote_paths, 'a+%s' % chmod_mode)
if res['rc'] != 0: if res['rc'] != 0:
raise AnsibleError('Failed to set file mode on remote files (rc: {0}, err: {1})'.format(res['rc'], to_native(res['stderr']))) raise AnsibleError('Failed to set file mode on remote files (rc: {0}, err: {1})'.format(res['rc'], to_native(res['stderr'])))
else: else: