d15812fabf
The controller's fixup_perms2 uses filesystem acls to make the temporary file for copy readable by an unprivileged become user. On Python3, the acls are then copied to the destination filename so we have to remove them from there. We can't remove them prior to the copy because we may not have permission to read the file if the acls are not present. We can't remove them in atomic_move() because the move function shouldn't know anything about controller features. We may want to generalize this into a helper function, though. Fixes #44412 Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
33 lines
817 B
YAML
33 lines
817 B
YAML
- block:
|
|
- block:
|
|
- name: Testing ACLs
|
|
copy:
|
|
content: "TEST"
|
|
mode: 0644
|
|
dest: "~/test.txt"
|
|
|
|
- shell: getfacl ~/test.txt
|
|
register: acls
|
|
|
|
become: yes
|
|
become_user: "{{ remote_unprivileged_user }}"
|
|
|
|
- name: Check that there are no ACLs leftovers
|
|
assert:
|
|
that:
|
|
- "'user:{{ remote_unprivileged_user }}:r-x\t#effective:r--' not in acls.stdout_lines"
|
|
|
|
- name: Check that permissions match with what was set in the mode param
|
|
assert:
|
|
that:
|
|
- "'user::rw-' in acls.stdout_lines"
|
|
- "'group::r--' in acls.stdout_lines"
|
|
- "'other::r--' in acls.stdout_lines"
|
|
|
|
always:
|
|
- name: Clean up
|
|
file:
|
|
path: "~/test.txt"
|
|
state: absent
|
|
become: yes
|
|
become_user: "{{ remote_unprivileged_user }}"
|