Setting dir vs file permissions with file "recurse=yes"

[Paul Sokolovsky]

Hello,

I just found out that "file" module's "mode" param accepts only octal
value. That comes as a little surprise, as
http://docs.ansible.com/file_module.html described "mode" as "mode the
file or directory should be, such as 0644 as would be fed to chmod". I
can feed "g+w" to chmod, so I kinda expected being able to use it with
Ansible either.

Anyway, how can I set just some, not all, permission bits of a
recursive directory hierarchy? The culprit is "x" permission, which
means completely different things for file vs dir. So, if I use 0775,
all files will become executable. And if I use 0664, all directories
would become non-searchable.

To remind, chmod, besides constructs like "g+w" to set just "w" bit for
groups, has another device to deal with the issue above -
"X" (capital), which will set "x" bit only for dirs.


Thanks,
Paul mailto:pmi...@gmail.com

[James Cammarata]

Per the documentation:

"recursively set the specified file attributes (applies only to state=directory) (added in Ansible 1.1)"

So the mode specified when using recurse=yes should be the mode you want applied to the directories. If you want more complex permission setups for large directories of files, I would recommend looking at the synchronize module.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20140605183541.1db3966c%40x34f.
For more options, visit https://groups.google.com/d/optout.

[C. Morgan Hamill]

This was submitted quite a while ago, perhaps it could be merged?
--
Morgan Hamill

[Paul Sokolovsky]

Hello,

On Thu, 5 Jun 2014 11:10:08 -0500
James Cammarata <jcamm...@ansible.com> wrote:

> Per the documentation:
>
> "recursively set the specified file attributes (applies only to
> state=directory) (added in Ansible 1.1)"
>
> So the mode specified when using recurse=yes should be the mode you
> want applied to the directories. If you want more complex permission
> setups for large directories of files, I would recommend looking at
> the synchronize module.

Fair enough, maybe I was just confused by chmod references, expecting
"file recurse=yes" to behave as chmod -R. I will employ the latter
directly then.


--
Best regards,
Paul mailto:pmi...@gmail.com

[Paul Sokolovsky]

Hello,

On Thu, 5 Jun 2014 11:10:08 -0500
James Cammarata <jcamm...@ansible.com> wrote:

> Per the documentation:
>
> "recursively set the specified file attributes (applies only to
> state=directory) (added in Ansible 1.1)"
>
> So the mode specified when using recurse=yes should be the mode you
> want applied to the directories. If you want more complex permission
> setups for large directories of files, I would recommend looking at
> the synchronize module.

And yet:

- name: Set download dir permissions
file: dest={{www_dir}} state=directory
owner=linaro-ci-publish group=bot-publishers
mode=0775
recurse=yes
sudo: yes


Before:
-rw-rw-r-- 1 www-data www-data 11 Mar 20 2013 HEADER.html

After:
-rwxrwxr-x 1 linaro-ci-publish bot-publishers 11 Mar 20 2013
HEADER.html


Bottom line? Ansible docs are nowhere detailed enough to remind even
Ansible developers how modules actually work, what to say about users
who need to *learn* how it works.

Another issue is that recursive=yes appear to work rather slow (taking
chmod -R as reference).

> https://groups.google.com/d/msgid/ansible-project/CAMFyvFhtgK7mzzyevAux9SmExXYeWkwUsj5b6i6nU2QBpKftpw%40mail.gmail.com.

> For more options, visit https://groups.google.com/d/optout.

[Michael DeHaan]

We welcome improvements via pull request.   Just click the edit link on any page of the docs in the upper right for a link to the GitHub page.

If it's a module, the docs are embedded in the module source.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20140605215309.21ca8eb8%40x34f.

[Damien Hollis]

Hi Michael,

I've been using Puppet for some time to configure our servers and I'm seriously looking at moving to Ansible.  In general I like Ansible a lot more than Puppet but this issue seems to be one area that Puppet has a solution for and Ansible doesn't.  Is there a way to make sure that directories get the x permission while files don't when using the recurse feature?  If not, is there a workaround?

Regards,

Damien

[Michael DeHaan]

I'm really not interested in tool comparisons here, but Puppet has not done the recursive thing either and actually takes the position you have to spec out every file path along the way.

I worked for them, I remember this, and I agree.  We do the same thing.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c835a527-a18e-4cd5-a70b-18f676a45646%40googlegroups.com.

[Paul Tötterman]

I'm really not interested in tool comparisons here, but Puppet has not done the recursive thing either and actually takes the position you have to spec out every file path along the way.

I suspect Damien meant:

file { '/target':

  source => 'file:///source',

  recurse => true,

  mode => '0644',

}

If /source contains a directory hierarchy, then all files contained will be copied to /target with mode '0644' and all directories (including /target itself) with mode '0755'.

That can be quite useful.

Cheers,

Paul

[Michael DeHaan]

Ansible does have a recursive copy, so I imagine you are requesting a change in the permissions structure?

I'd also recommend the synchronize module versus passing recurse to the copy module.  It's backed by rsync and is much more efficient.

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e0c99ebb-53c8-40ea-97ba-b69145063bc8%40googlegroups.com.