Change file permissions with a loop


Thuan

Dec 31, 2020, 1:43:12 PM
to Ansible Project
Hi all,

My playbook is working for single files but not for directories.
It doesn't check the folders' permissions recursively.

============================================================

- name: Ensure system directories are own by root group.
  block:
    - name: Verify the command directories are exists.
      become: true
      stat:
        path: "{{ item }}"
      loop:
        - /bin/
        - /sbin/
        - /usr/bin/
        - /usr/sbin/
        - /usr/local/bin
        - /usr/local/sbin
      register: command_directories

    # Pair each path with the group name stat reported for it.
    - name: Verify the ownership of command directories are belong to root.
      loop: |
        {{ command_directories.results | map(attribute='item') |
           zip(command_directories.results | map(attribute='stat.gr_name')) | list }}
      assert:
        that: item.1 == 'root'
      loop_control:
        label: "{{ item.0 }}"

    - set_fact:
        stig_text: "PASSED"

  rescue:
    - name: configure the command directories ownership to root and create if it doesn't exist.
      become: true
      file:
        path: "{{ item.item }}"
        group: root
        state: "{{ 'directory' if item.stat.exists else 'touch' }}"
        # The file module rejects recurse unless state is 'directory',
        # so only recurse for paths that already exist.
        recurse: "{{ item.stat.exists }}"
      loop: "{{ command_directories.results }}"
      register: file_perms_rule

    - set_fact:
        stig_text: "PASSED"
      when: file_perms_rule.changed

==================================================================


TASK [Verify the ownership of command directories are belong to root.] ***************************************
[WARNING]: The loop variable 'item' is already in use. You should set the `loop_var` value in the
`loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.
ok: [localhost] => (item=/bin/) => {
    "ansible_loop_var": "item", 
    "changed": false, 
    "item": [
        "/bin/", 
        "root"
    ], 
    "msg": "All assertions passed"
}
ok: [localhost] => (item=/sbin/) => {
    "ansible_loop_var": "item", 
    "changed": false, 
    "item": [
        "/sbin/", 
        "root"
    ], 
    "msg": "All assertions passed"
}
ok: [localhost] => (item=/usr/bin/) => {
    "ansible_loop_var": "item", 
    "changed": false, 
    "item": [
        "/usr/bin/", 
        "root"
    ], 
    "msg": "All assertions passed"
}
ok: [localhost] => (item=/usr/sbin/) => {
    "ansible_loop_var": "item", 
    "changed": false, 
    "item": [
        "/usr/sbin/", 
        "root"
    ], 
    "msg": "All assertions passed"
}
ok: [localhost] => (item=/usr/local/bin) => {
    "ansible_loop_var": "item", 
    "changed": false, 
    "item": [
        "/usr/local/bin", 
        "root"
    ], 
    "msg": "All assertions passed"
}
ok: [localhost] => (item=/usr/local/sbin) => {
    "ansible_loop_var": "item", 
    "changed": false, 
    "item": [
        "/usr/local/sbin", 
        "root"
    ], 
    "msg": "All assertions passed"
}

Michael Mullay

Dec 31, 2020, 3:54:24 PM
to ansible...@googlegroups.com
Hi Thuan,

I'm not sure why you are just trying to assert the permissions rather than enforce them, but why not enforce them with something like:

- name: Change permissions recursively
  hosts: all
  gather_facts: False
  ignore_errors: True

  vars:
    path: <put your path here>
    modes:
      d: '2755'
      f: '0640'

  tasks:
  - name: Change permissions
    command: find "{{ path }}" -type "{{ item.key }}" ! -perm "{{ item.value }}" -exec chmod -f "{{ item.value }}" {} \;
    with_dict: "{{ modes }}"
    register: result
    changed_when: result.stdout != ""


--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3736ce06-1bf1-4cfe-a2fb-042619b8497en%40googlegroups.com.

Thuan

Dec 31, 2020, 4:27:52 PM
to Ansible Project
Hi,

I want to use the block and rescue format.
I want to check the file permissions before changing them.

Stefan Hornburg (Racke)

Jan 1, 2021, 6:54:09 AM
to ansible...@googlegroups.com
On 12/31/20 7:43 PM, Thuan wrote:
> Hi all,
>
> My playbook is working for single files but not for directories.
> It doesn't check the folders permissions recursively.
>

I would use the find module, which works recursively and provides similar information
as the stat module. You also get a single list as you don't need a loop.

Regards
Racke


--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.


Thuan

Jan 1, 2021, 11:10:27 AM
to Ansible Project
I know I can use the shell command with find to get the result.
But it doesn't seem as nice as the loop module.

Thanks

Thuan

Jan 4, 2021, 10:37:27 AM
to Ansible Project
Hello,

Can somebody give me some examples of the find module for this case?

Thuan

Jun 7, 2022, 5:25:32 PM
to Ansible Project
Nvm, I found an alternative solution.
Using find module and loop for this purpose.
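An added example (not posted by anyone in the thread) of the approach Racke suggested and Thuan settled on: one recursive find over the command directories, the stat-like fields it returns filtered for entries whose group is not root, and the block/rescue shape from the original playbook, reusing its `stig_text` fact name. Symlinks are skipped in the filter because the `file` module follows them by default.

```yaml
# Added example: recursive group-ownership check with the find module.
- name: Ensure command directories and their contents are group-owned by root
  block:
    - name: Collect every file and directory under the command directories
      become: true
      find:
        paths:
          - /bin
          - /sbin
          - /usr/bin
          - /usr/sbin
          - /usr/local/bin
          - /usr/local/sbin
        file_type: any        # directories, regular files and symlinks
        recurse: true
        hidden: true
      register: command_tree

    # Each entry in command_tree.files carries gr_name, pw_name, mode, islnk
    # and path, so one find call replaces a stat per directory.
    - name: Record the paths whose group is not root (symlinks excluded)
      set_fact:
        wrong_group: >-
          {{ command_tree.files
             | rejectattr('islnk')
             | rejectattr('gr_name', 'equalto', 'root')
             | map(attribute='path') | list }}

    - name: Verify nothing under the command directories belongs to another group
      assert:
        that: wrong_group | length == 0
        fail_msg: "{{ wrong_group | length }} path(s) not group-owned by root: {{ wrong_group }}"
        success_msg: "All {{ command_tree.matched }} paths are group-owned by root"

    - set_fact:
        stig_text: "PASSED"

  rescue:
    # find already walked the tree, so fix only the offending paths; no recurse needed.
    - name: Set the group to root on the offending paths
      become: true
      file:
        path: "{{ item }}"
        group: root
      loop: "{{ wrong_group }}"
      register: group_fix

    - set_fact:
        stig_text: "PASSED"
      when: group_fix.changed
```

The assert fails once with the full list of offending paths instead of once per directory, and the rescue changes only those paths, so a second run reports no changes.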
