使用Ansible 2.1.4.0
是否可以在1个任务中设置sticky bit和文件夹权限?
实施例
# Shell is used over find module cause symlink breaks and performance
- name: Find directories in /tmp which are not valid
shell: find
/tmp/test -type d
\( ! -user root -o ! -group root -o ! -perm 775 \)
register: find1
- name: Set 775 for found directories
file:
path: "{{ item }}"
owner: root
group: vagrant
mode: 0775
state: directory
with_items: "{{ findPermission1.stdout_lines | default([]) }}"
- name: Find directories in /tmp which have no sticky bit
shell: find
/tmp/test -type d
\! -perm /1000
changed_when: false
register: find2
- name: Set permissions for found directories
file:
path: "{{ item }}"
owner: root
group: vagrant
mode: g+s
state: directory
recurse: no #cause it already found recurse
with_items: "{{ find.stdout_lines | default([]) }}"
现在,我必须有2个不同的任务来设置权限。但是他们互相覆盖。
目标:在一项任务中将权限设置为775和g + s。
答案 0 :(得分:9)
找到它。 http://docs.ansible.com/ansible/file_module.html
- name: Set sticky bit + 775 for directory
file:
path: /tmp/test
owner: root
group: vagrant
mode: u=rwx,g=rwx,o=rx,g+s
state: directory
答案 1 :(得分:3)
目标:在一项任务中将权限设置为775和g +。
- name: Set permissions for found directories
file:
path: "{{ item }}"
owner: root
group: vagrant
mode: 02775
state: directory
recurse: no #cause it already found recurse
with_items: ____
但我不明白为什么要检查SUID(-perm /1000)并在代码中设置SGID(g+s)。我不知道find的价值是什么,因为您注册了find1和find2,但没有find。
我也没有看到需要为find指定条件,因为Ansible模块是幂等/声明的,并且您希望所有目录具有相同的权限,因此您可以依赖Ansible。