Permission denied while copy with sudo (Related to issue 2837)

2,422 views
Skip to first unread message

Vincent Hardion

unread,
Jul 18, 2013, 1:25:46 PM7/18/13
to ansible...@googlegroups.com
Hi everybody,

Another newbie in Ansible ...  
And I have a problem of permission with the copy task...

Problem when I launch the playbook :
 ansible-playbook -k -K -i dev all.yml -vvv
...
 failed: [acomputer.se] => {"failed": true, "item": ""}
 msg: Could not replace file: /home/xxx/.ansible/tmp/ansible-1374162746.23-59345204944449/source to /etc/ntp.conf: [Errno 13] Permission denied: '/home/xxx/.ansible/tmp/ansible-1374162746.23-59345204944449/source'

My configuration is:
 # role/common/tasks/main.yml
 - name: ensure NTP point out to the ntp server
   copy: src=ntp.conf dest=/etc/ntp.conf owner=root group=root mode=0644

 # all.yml
 - hosts: all
   sudo: yes
   roles:
   - common


My investigation shows me some relationship with this issues (https://github.com/ansible/ansible/issues/2837).
In my case the copy task move (instead of copy) the source file to /etc/.ntp... but the source file is read only for root !!!

I could reproduce the problem with this linux command :
sudo mv /home/xxx/.ansible/tmp/ansible-1374162746.23-59345204944449/source /etc/.ntp.conf.bug
mv: cannot remove `/home/xxx/.ansible/tmp/ansible-1374162746.23-59345204944449/source': Permission denied

Of course the mod of the file doesn't allow the write access :
~% ll /home/xxx/.ansible/tmp/ansible-1374162746.23-59345204944449       
total 44
-rw-r--r-- 1 xxx yyy 38960 Jul 18 18:32 copy
-rw-r--r-- 1 xxx yyy  1860 Jul 18 17:52 source

Questions :
  1. Is there a possibility to change the mod of the source file somehow ?
  2. Is there any reason to move the file instead of always copy it (see the patch https://github.com/bcoca/ansible/commit/bdeb370d7942119944ee4d04e94391fe6ffe2ff3) ? because in any case the tempdir will be deleted (I try to patch with success).
  3. for myself : Am I the only one ?
Thank you to have read this long topic.

Best regards,
Vincent

Michael DeHaan

unread,
Jul 18, 2013, 5:02:00 PM7/18/13
to ansible...@googlegroups.com
Before we dive into questions, as is a good case with all of these kind of reports, please share the version of Ansible you are using.

Sounds like your user might not own ~/.ansible here or something.

Anyway, there's an outstanding patch from Brian to tweak the code to do renames in a few cases that may fix you up here, but I'm curious about what is unique about your system -- not a frequent report I've heard about.





--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 



--
Michael DeHaan <mic...@ansibleworks.com>
CTO, AnsibleWorks, Inc.
http://www.ansibleworks.com/

Vincent Hardion

unread,
Jul 19, 2013, 4:26:37 AM7/19/13
to ansible...@googlegroups.com
Thanks for your answer.
Effectively with the version of ansible is better. So I tried first with 1.2 (rpm from epel) but it happens with release1.2.1 and even the development branch.

I'm the owner of ~/.ansible. But now you talk about "unique" maybe one thing: the home directory is nfs mount. So when I launch ansible from computer A to computer B, ansible use the same "drive" space.

This pull request can be more explicit : https://github.com/ansible/ansible/pull/3587.

Best regards,
Vincent

Brian Coca

unread,
Jul 19, 2013, 7:59:19 AM7/19/13
to ansible...@googlegroups.com

Is NFS mounted with root squash?




Brian Coca

Vincent Hardion

unread,
Jul 19, 2013, 11:05:23 AM7/19/13
to ansible...@googlegroups.com
I'm not enough expert to say yes or no immediately.
Just let me google how to check that.

BTW Is there a way to change the temp dir? 




On Fri, Jul 19, 2013 at 1:59 PM, Brian Coca <bria...@gmail.com> wrote:

Is NFS mounted with root squash?




Brian Coca

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/yCN_yXa_GkM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.

Brian Coca

unread,
Jul 19, 2013, 11:07:37 AM7/19/13
to ansible...@googlegroups.com
run mount and it should show the options with which nfs was set up, it is probably the cause of this issue as root generally can do anything on a local box and should (selinux baring) never get a permission denied error.

yes, changing the temp dir will solve this case, there is a env var and an ansible.cfg setting.

On Fri, Jul 19, 2013 at 11:05 AM, Vincent Hardion <vincent...@gmail.com> wrote:
not enough expert to say yes or no immediately.
Just let me google how to check that.

BTW Is there a way to change the temp dir? 




--
Brian Coca
Stultorum infinitus est numerus
0110000101110010011001010110111000100111011101000010000001111001011011110111010100100000011100110110110101100001011100100111010000100001
Pedo mellon a minno

Vincent Hardion

unread,
Jul 19, 2013, 11:21:31 AM7/19/13
to ansible...@googlegroups.com
From the exports table the NFS is exported with root_squash (default behaviour)

Brian Coca

unread,
Jul 19, 2013, 11:23:48 AM7/19/13
to ansible...@googlegroups.com
Well, that explains the failure. 

As a workaround defining the ansible tmp dir outside of the NFS mount, which you should do anyways. You really wan't to keep the ansible tmp files local to the machine, specially if you are doing servers in parallel with the same home mounted.

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.
 
 

Michael DeHaan

unread,
Jul 19, 2013, 11:54:14 AM7/19/13
to ansible...@googlegroups.com
Just for clarification, have you tried the development branch as of about 20 minutes ago?

Some code changes in that regard and want to make sure you're trying latest before I try to replicate things.

--Michael





Best regards,
Vincent

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 



--

Michael DeHaan

unread,
Jul 19, 2013, 11:54:53 AM7/19/13
to ansible...@googlegroups.com
But yes, Brian is correct.   The ansible remote temp path should probably be configured and forced to /tmp in this case.


Vincent Hardion

unread,
Jul 19, 2013, 12:30:53 PM7/19/13
to ansible...@googlegroups.com
I have just pull the last version but it is the same behaviour.

~/projects/cfg-maxlab-ansible/etc/ansible% ansible-playbook --version
ansible-playbook 1.3 (devel f4b1e426ea) last updated 2013/07/19 18:08:52 (GMT +200)

TASK: [ensure NTP point out to the ntp server] ************************* 
failed: [computerA.se] => {"failed": true, "item": ""}
msg: Could not replace file: /home/xxx/.ansible/tmp/ansible-1374250532.29-44727094344629/source to /etc/ntp.conf: [Errno 13] Permission denied: '/home/xxx/.ansible/tmp/ansible-1374250532.29-44727094344629/source'


By changing the temp directory it works.

Thank you Michael and Brian.

Vincent


You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/yCN_yXa_GkM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.

Michael DeHaan

unread,
Jul 19, 2013, 2:23:06 PM7/19/13
to ansible...@googlegroups.com
Ok, thanks, good data.  I think we can improve the error message quality and also *possibly* tech the system to retry at the other location.


Vamsi krishna

unread,
Mar 8, 2018, 8:03:59 PM3/8/18
to Ansible Project
Hi vincent,

mee to facing the same issue...
changing the tmp directory means, what you mean??

you mean to change that in our hosts???? 

can u explain litttle bit clear...

Vamsi krishna

unread,
Mar 8, 2018, 8:05:55 PM3/8/18
to Ansible Project
When i am creating directory i am getting permission denied...

ansible version 2.4.3

"msg": "There was an issue creating /etc/xxxx as requested: [Errno 13] Permission denied: b'/etc/xxxx'

Toshio Kuratomi

unread,
Mar 9, 2018, 12:14:01 AM3/9/18
to ansible...@googlegroups.com
There's a configuration option, remote_tmp.  Setting that to a system directory (like /tmp or /var/tmp ) can fix this error.

To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4bae621f-b1d9-4ed7-87db-3dc76678b30f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Vamsi krishna

unread,
Mar 9, 2018, 1:06:29 PM3/9/18
to Ansible Project
Hello @Toshio ,

Thanks for your response, i tried and i changed in the ansible.cfg file to remote_tmp: /var/tmp and still same error....
Yaml file i am using.... 
 name: using
 hosts: all
 tasks:
   - name: creates directory
     file:
       path: /etc/xxxx
       state: directory
       owner: root
       group: root
       mode: 0755

Error i am getting.... 

"msg": "There was an issue creating /etc/xxxx as requested: [Errno 13] Permission denied: b'/etc/xxxx'  


Any help.....

thanks 

Toshio Kuratomi

unread,
Mar 9, 2018, 7:29:09 PM3/9/18
to ansible...@googlegroups.com
Your having a different problem than the person you replied to.  Your issue is that you don't have permission on the directory that you are asking ansible to create (/etc/xxxx ).  The original poster was having problems with an internal ansible temporary directory.

For your issue, you need the user you are logging into the remote machine as to have permission to create that directory *or* you need to use ansible's become facilities to become a user with sufficient permissions to create the directory.

For instance, on my machines ansible will log into the remote machine as an unprivilrged user and then use sudo with password to become root.  Using your playing, I'd invoke ansible with a commandline like this:

ansible-playbook --become --become-user=root -K test.yml




--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages