cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Only chown on atomic move if invoked as root

Browse source 
Linux and BSD derivatives do not allow unprivileged users to
"give away" files to others for security reasons. (System V
derivatives allow that but they're rare nowadays.)
This commit is contained in:
Lukas Wunner 2014-08-14 16:39:53 +02:00
parent 448c0a950e
commit f4053fcf3a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/ansible/module_utils/basic.py
View file

@ -1146,7 +1146,7 @@ class AnsibleModule(object):
self.set_context_if_different(
tmp_dest.name, context, False)
tmp_stat = os.stat(tmp_dest.name)
if dest_stat and (tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid):
if dest_stat and (tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid) and os.getuid() == 0:
os.chown(tmp_dest.name, dest_stat.st_uid, dest_stat.st_gid)
os.rename(tmp_dest.name, dest)
except (shutil.Error, OSError, IOError), e: