tmp file permissions issues with sudo user


Arunagiri

Nov 20, 2015, 2:51:54 PM
to Ansible Project
Hi All,

We are facing issues while starting Tomcat as a sudo user; we use Ansible Tower to set up credentials and tasks and to execute them.
We have two users defined: user1 is the SSH user for the machine and user2 is a sudo user.

This is a simple playbook, tomcat_test.yml:

- hosts: myhost
  roles:
    - { role: start_tomcat, tags: start_tomcat, sudo: "yes" }

and our role start_tomcat/main.yml:

- name: Start tomcat
  command: "/opt/mycomp/tomcat/bin/catalina.sh start"

We had set up the necessary credentials in Ansible Tower.

Finally, the play ends with the error below:
TASK: [start_tomcat | Start tomcat] ******************************************* 
<myhost> 
<myhost> PubkeyAuthentication=no ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
<myhost> 
<myhost> PubkeyAuthentication=no ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
<myhost> 
<myhost> PubkeyAuthentication=no ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
<myhost> 
<myhost> PubkeyAuthentication=no ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
<myhost> PubkeyAuthentication=no 'sudo -k && sudo -H -S -p "[sudo via ansible, key=tpkvehaqhrhlpfouiosqizgjnracaivi] password: " -u user2 /bin/sh -c '"'"'echo SUDO-SUCCESS-tpkvehaqhrhlpfouiosqizgjnracaivi; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /tmp/ansible-tmp-1445423071.8-136737887289093/async_wrapper 112567191489 99999999999999999999999999999999999999 /tmp/ansible-tmp-1445423071.8-136737887289093/command /tmp/ansible-tmp-1445423071.8-136737887289093/arguments'"'"'' ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
<myhost> PubkeyAuthentication=no ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
<myhost> 
<myhost> jid=112567191489.28870
<myhost> PubkeyAuthentication=no ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
<myhost> 
<myhost> PubkeyAuthentication=no ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
<myhost> PubkeyAuthentication=no 'sudo -k && sudo -H -S -p "[sudo via ansible, key=emkasljwbojrxjczgkuqjsmxhggelfjk] password: " -u user2 /bin/sh -c '"'"'echo SUDO-SUCCESS-emkasljwbojrxjczgkuqjsmxhggelfjk; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /tmp/ansible-tmp-1445423084.12-2731447374236/async_status'"'"'' ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
<myhost> PubkeyAuthentication=no ConnectTimeout=10 GSSAPIAuthentication=no User=user1 ControlPath=/tmp/ansible_tower_jy2J_h/cp/ansible-ssh-%h-%p-%r StrictHostKeyChecking=no ControlMaster=auto ControlPersist=180s
failed: [myhost] => {"ansible_job_id": "112567191489.28870", "changed": false, "cmd": "/tmp/ansible-tmp-1445423071.8-136737887289093/command /tmp/ansible-tmp-1445423071.8-136737887289093/arguments", "failed": 1, "finished": 1}
msg: [Errno 13] Permission denied
<job 112567191489.28870> FAILED on myhost

The play runs successfully with the single user 'user2'. We had set the temp folder location to /tmp/ansible since we faced the same issue with the default tmp folder settings.
In addition, user1 and user2 are not in the same user group, and neither has any permission to write to the other's folders or files.

Kindly help with this.
-
Arun

Arunagiri

Dec 9, 2015, 6:55:10 PM
to Ansible Project
/tmp doesn't have execute permissions; once provided, it works fine.
Thanks to Ansible Support.
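
Added example, not part of the original thread and not Ansible's own code: the post does not say whether "execute permissions" meant the directory's mode bits or a noexec mount, so this check covers both for a temp directory that one account writes to and an unrelated account (user2 above) must run files from. The function names are hypothetical, and the mount check assumes a Linux /proc/mounts layout.

```shell
# Can an account that is neither owner nor group member use this temp dir?

# other_x DIR: succeed if the "other" execute (search) bit is set on DIR.
# Character 10 of the ls mode string is x or t when set, - or T when not.
other_x() {
    bit=$(ls -ldL "$1" 2>/dev/null | cut -c10)
    [ "$bit" = "x" ] || [ "$bit" = "t" ]
}

# first_blocked DIR: print the first path component lacking other-execute
# and return 1; print nothing and return 0 when every component passes.
first_blocked() {
    case "$1" in /*) path="" ;; *) path="." ;; esac
    old_ifs=$IFS; IFS=/
    set -- $1
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        path="$path/$part"
        other_x "$path" || { echo "$path"; return 1; }
    done
    return 0
}

# mount_noexec DIR [MOUNTS]: succeed if the longest mount point containing
# DIR carries the noexec option (MOUNTS defaults to /proc/mounts, Linux only).
mount_noexec() {
    awk -v dir="$1" '
        { mp = $2
          if (mp == "/" || dir == mp || index(dir, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { if (("," opts ",") ~ /,noexec,/) exit 0; exit 1 }
    ' "${2:-/proc/mounts}" 2>/dev/null
}

# check_remote_tmp DIR [MOUNTS]: report both conditions, return 0 if usable.
check_remote_tmp() {
    status=0
    if blocked=$(first_blocked "$1"); then
        echo "ok: every component of $1 has other-execute"
    else
        echo "FAIL: $blocked lacks other-execute"; status=1
    fi
    if mount_noexec "$1" "${2:-/proc/mounts}"; then
        echo "FAIL: $1 is on a noexec mount"; status=1
    fi
    return $status
}
if [ $# -gt 0 ]; then check_remote_tmp "$@"; fi
```

Run it on the managed host with the configured remote temp path as the argument, for example /tmp/ansible from the post.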