0d7c144ce4
Change: - Use `chmod +a` in the fallback chain to allow MacOS to use ACLs to allow an unprivileged user to become an unprivileged user. Test Plan: - CI, new tests Tickets: - Fixes #70648 Signed-off-by: Rick Elrod <rick@elrod.me>
26 lines
594 B
YAML
26 lines
594 B
YAML
- name: Tests for chmod +a ACL functionality on macOS
|
|
hosts: ssh
|
|
gather_facts: yes
|
|
remote_user: unpriv1
|
|
become: yes
|
|
become_user: unpriv2
|
|
|
|
tasks:
|
|
- name: Get AnsiballZ temp directory
|
|
action: tmpdir
|
|
register: tmpdir
|
|
become_user: unpriv2
|
|
become: yes
|
|
|
|
- name: run whoami
|
|
command: whoami
|
|
register: whoami
|
|
|
|
- name: Ensure we used the right fallback
|
|
shell: ls -le /var/tmp/ansible*/*_command.py
|
|
register: ls
|
|
|
|
- assert:
|
|
that:
|
|
- whoami.stdout == "unpriv2"
|
|
- "'user:unpriv2 allow read' in ls.stdout"
|