cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Clarify mode behavior for modules that can set file permissions (#72837)

Browse source
This commit is contained in:
Sam Doran 2020-12-08 10:11:36 -05:00 committed by GitHub
parent 711064a073
commit bc37976df2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/ansible/modules/copy.py
View file

@ -68,13 +68,18 @@ options:
- The permissions of the destination file or directory. - The permissions of the destination file or directory.
- For those used to C(/usr/bin/chmod) remember that modes are actually octal numbers. - For those used to C(/usr/bin/chmod) remember that modes are actually octal numbers.
You must either add a leading zero so that Ansible's YAML parser knows it is an octal number You must either add a leading zero so that Ansible's YAML parser knows it is an octal number
(like C(0644) or C(01777))or quote it (like C('644') or C('1777')) so Ansible receives a string (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string
and can do its own conversion from string into number. Giving Ansible a number without following and can do its own conversion from string into number. Giving Ansible a number without following
one of these rules will end up with a decimal number which will have unexpected results. one of these rules will end up with a decimal number which will have unexpected results.
- As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)). - As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)).
- As of Ansible 2.3, the mode may also be the special string C(preserve). - As of Ansible 2.3, the mode may also be the special string C(preserve).
- C(preserve) means that the file will be given the same permissions as the source file. - C(preserve) means that the file will be given the same permissions as the source file.
- When doing a recursive copy, see also C(directory_mode). - When doing a recursive copy, see also C(directory_mode).
- If C(mode) is not specified and the destination file B(does not) exist, the default C(umask) on the system will be used
when setting the mode for the newly created file.
- If C(mode) is not specified and the destination file B(does) exist, the mode of the existing file will be used.
- Specifying C(mode) is the best way to ensure files are created with the correct permissions.
See CVE-2020-1736 for further details.
directory_mode: directory_mode:
description: description:
- When doing a recursive copy set the mode for the directories. - When doing a recursive copy set the mode for the directories.

5
lib/ansible/plugins/doc_fragments/files.py
View file

@ -25,6 +25,11 @@ options:
number which will have unexpected results. number which will have unexpected results.
- As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or - As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or
C(u=rw,g=r,o=r)). C(u=rw,g=r,o=r)).
- If C(mode) is not specified and the destination file B(does not) exist, the default C(umask) on the system will be used
when setting the mode for the newly created file.
- If C(mode) is not specified and the destination file B(does) exist, the mode of the existing file will be used.
- Specifying C(mode) is the best way to ensure files are created with the correct permissions.
See CVE-2020-1736 for further details.
type: raw type: raw
owner: owner:
description: description: