Issue with folder permissions with a playbook

lift...@gmail.com

Jun 25, 2021, 11:30:57 AM
to Ansible Project
We have a bash script that creates some folders and puts some ACLs on them, and we're trying to do this with an Ansible playbook.  When we run the bash script, the group permission is rwx like we want, but when running the playbook, it is only rx.  Any ideas as to why?

Bash script:
function SecondLevelDirectory {
   echo "Setting up $SITEDIRECTORY/$1..."
   if [ ! -d "$SITEDIRECTORY/$1" ]; then
      mkdir -p $SITEDIRECTORY/$1
   fi
   # Clear out any current ACLs
   setfacl -b $SITEDIRECTORY/$1

   chmod 750 $SITEDIRECTORY/$1
   chmod g+s $SITEDIRECTORY/$1
   chown user1.$SITEGROUPID $SITEDIRECTORY/$1
}
SecondLevelDirectory Adaptation
chmod 770 $SITEDIRECTORY/Adaptation
chgrp $OSFGROUP $SITEDIRECTORY/Adaptation
setfacl -m g:$SUPPORTINGGROUP:rwx $SITEDIRECTORY/Adaptation
setfacl -m d:g:$SUPPORTINGGROUP:rwx $SITEDIRECTORY/Adaptation

Same thing via Ansible:

  - name: Create {{ item.site }} Adaptation Directory
    file:
      path: "/tmp/{{ sitedir }}/{{ item.site }}/Adaptation"
      state: directory
      mode: '02750'
      owner: user1
      group: "{{ item.osf }}"

  - name: Adjust ownership of {{ item.site }} Adaptation Directory
    file:
      path: "/tmp/{{ sitedir }}/{{ item.site }}/Adaptation"
      state: directory
      mode: '022770'
      owner: user1
      group: "{{ item.osf }}"

  - name: Clear out current ACLs on {{ item.site }} Adaptation Directory
    command: "/bin/setfacl -b /tmp/{{ sitedir }}/{{ item.site }}/Adaptation"

  - name: Set Supporting OSF ACL on {{ item.site }} Adaptation Directory
    acl:
      path: "/tmp/{{ sitedir }}/{{ item.site }}/Adaptation"
      entity: "{{ item.sosf }}"
      etype: group
      permissions: rwx
      state: present

  - name: Set Site Group ACL on {{ item.site }} Adaptation Directory
    acl:
      path: "/tmp/{{ sitedir }}/{{ item.site }}/Adaptation"
      entity: "{{ item.group }}"
      etype: group
      permissions: rx
      state: present

Thanks,
Harry

Brian Coca

Jun 25, 2021, 12:09:29 PM
to Ansible Project
mode: '022770' <= seems like a suspect



--
----------
Brian Coca

lift...@gmail.com

Jun 25, 2021, 2:18:54 PM
to Ansible Project
Didn't make a difference.  When I run the bash script and do a "getfacl" on that directory, the group is rwx:

# file: Adaptation/
# owner: user1
# group: mygroup
# flags: -s-
user::rwx
group::rwx

With the playbook it's rx:

# file: Adaptation/
# owner: user1
# group: mygroup
# flags: -s-
user::rwx
group::r-x

Harry
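
An added example, not part of any post in this thread: a Python check that decodes the mode strings used in the playbook and diffs the two getfacl listings posted above. The function names are hypothetical, and '02770' is an assumed four-digit spelling that does not appear in the thread.

```python
PERM_BITS = 0o7777  # setuid/setgid/sticky plus rwx for user, group, other

def check_mode(mode_str):
    """Decode an octal mode string; return (special, rwx, stray_bits)."""
    value = int(mode_str, 8)
    special = (value & 0o7000) >> 9   # 4 = setuid, 2 = setgid, 1 = sticky
    stray = value & ~PERM_BITS        # non-zero: bits outside the 12 permission bits
    return special, value & 0o777, stray

def parse_getfacl(text):
    """Parse getfacl output into (headers, entries) dictionaries."""
    headers, entries = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            name, _, value = line.lstrip("# ").partition(":")
            headers[name.strip()] = value.strip()
        elif line:
            entry = line.split("#")[0].strip()  # drop "#effective:..." notes
            key, _, perms = entry.rpartition(":")
            entries[key] = perms
    return headers, entries

def acl_drift(expected_text, actual_text):
    """List (entry, expected, actual) for every ACL entry or flag that differs."""
    exp_h, exp_e = parse_getfacl(expected_text)
    act_h, act_e = parse_getfacl(actual_text)
    drift = []
    for key in sorted(set(exp_e) | set(act_e)):
        if exp_e.get(key) != act_e.get(key):
            drift.append((key, exp_e.get(key), act_e.get(key)))
    if exp_h.get("flags") != act_h.get("flags"):
        drift.append(("flags", exp_h.get("flags"), act_h.get("flags")))
    return drift

# getfacl output as posted in the thread: bash run first, playbook run second
BASH_RUN = """# file: Adaptation/
# owner: user1
# group: mygroup
# flags: -s-
user::rwx
group::rwx
"""
PLAYBOOK_RUN = BASH_RUN.replace("group::rwx", "group::r-x")

if __name__ == "__main__":
    for mode in ("02750", "022770", "02770"):  # '02770' is an assumed form
        print(mode, "special=%o rwx=%03o stray=%o" % check_mode(mode))
    print(acl_drift(BASH_RUN, PLAYBOOK_RUN))
```

A non-zero third value from check_mode means the string carries more octal digits than the setgid-plus-rwx form; acl_drift run against captured getfacl output after each play shows which entry differs from the bash result.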
