@ -293,7 +293,7 @@ class ActionBase(with_metaclass(ABCMeta, object)):
return remote_path
def _fixup_perms ( self , remote_path , remote_user , execut e= True , recursiv e= True ) :
def _fixup_perms ( self , remote_path s , remote_user , execut e= True ) :
"""
We need the files we upload to be readable ( and sometimes executable )
by the user being sudo ' d to but we want to limit other people ' s access
@ -319,15 +319,7 @@ class ActionBase(with_metaclass(ABCMeta, object)):
if self . _connection . _shell . SHELL_FAMILY == ' powershell ' :
# This won't work on Powershell as-is, so we'll just completely skip until
# we have a need for it, at which point we'll have to do something different.
return remote_path
if remote_path is None :
# Sometimes code calls us naively -- it has a var which could
# contain a path to a tmp dir but doesn't know if it needs to
# exist or not. If there's no path, then there's no need for us
# to do work
display . debug ( ' _fixup_perms called with remote_path==None. Sure this is correct? ' )
return remote_path
return remote_paths
if self . _play_context . become and self . _play_context . become_user not in ( ' root ' , remote_user ) :
# Unprivileged user that's different than the ssh user. Let's get
@ -340,17 +332,17 @@ class ActionBase(with_metaclass(ABCMeta, object)):
else :
mode = ' rX '
res = self . _remote_set_user_facl ( remote_path , self . _play_context . become_user , mod e, recursive = recursive , sudoable = Fals e)
res = self . _remote_set_user_facl ( remote_path s , self . _play_context . become_user , mod e)
if res [ ' rc ' ] != 0 :
# File system acls failed; let's try to use chown next
# Set executable bit first as on some systems an
# unprivileged user can use chown
if execute :
res = self . _remote_chmod ( ' u+x ' , remote_path , recursive = recursive )
res = self . _remote_chmod ( remote_paths , ' u+x ' )
if res [ ' rc ' ] != 0 :
raise AnsibleError ( ' Failed to set file mode on remote temporary files (rc: {0} , err: {1} ) ' . format ( res [ ' rc ' ] , res [ ' stderr ' ] ) )
res = self . _remote_chown ( remote_path , self . _play_context . become_user , recursive = recursive )
res = self . _remote_chown ( remote_path s , self . _play_context . become_user )
if res [ ' rc ' ] != 0 and remote_user == ' root ' :
# chown failed even if remove_user is root
raise AnsibleError ( ' Failed to change ownership of the temporary files Ansible needs to create despite connecting as root. Unprivileged become user would be unable to read the file. ' )
@ -359,7 +351,7 @@ class ActionBase(with_metaclass(ABCMeta, object)):
# chown and fs acls failed -- do things this insecure
# way only if the user opted in in the config file
display . warning ( ' Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user which may be insecure. For information on securing this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user ' )
res = self . _remote_chmod ( ' a+ %s ' % mod e, remote_path , recursive = recursiv e)
res = self . _remote_chmod ( remote_paths , ' a+ %s ' % mod e)
if res [ ' rc ' ] != 0 :
raise AnsibleError ( ' Failed to set file mode on remote files (rc: {0} , err: {1} ) ' . format ( res [ ' rc ' ] , res [ ' stderr ' ] ) )
else :
@ -368,33 +360,33 @@ class ActionBase(with_metaclass(ABCMeta, object)):
# Can't depend on the file being transferred with execute
# permissions. Only need user perms because no become was
# used here
res = self . _remote_chmod ( ' u+x ' , remote_path , recursive = recursive )
res = self . _remote_chmod ( remote_paths , ' u+x ' )
if res [ ' rc ' ] != 0 :
raise AnsibleError ( ' Failed to set file mode on remote files (rc: {0} , err: {1} ) ' . format ( res [ ' rc ' ] , res [ ' stderr ' ] ) )
return remote_path
return remote_path s
def _remote_chmod ( self , mode, path , recursive = Tru e, sudoable = False ) :
def _remote_chmod ( self , paths, mod e, sudoable = False ) :
'''
Issue a remote chmod command
'''
cmd = self . _connection . _shell . chmod ( mode, path , recursive = recursiv e)
cmd = self . _connection . _shell . chmod ( paths, mod e)
res = self . _low_level_execute_command ( cmd , sudoable = sudoable )
return res
def _remote_chown ( self , path , u ser , gro up= None , recur siv e= T rue , sudoable = False ) :
def _remote_chown ( self , path s, user, sudoable = False ) :
'''
Issue a remote chown command
'''
cmd = self . _connection . _shell . chown ( path , u ser , gro up, recur siv e= recursive )
cmd = self . _connection . _shell . chown ( path s, user)
res = self . _low_level_execute_command ( cmd , sudoable = sudoable )
return res
def _remote_set_user_facl ( self , path , user , mod e, recursive = Tru e, sudoable = False ) :
def _remote_set_user_facl ( self , path s , user , mod e, sudoable = False ) :
'''
Issue a remote call to setfacl
'''
cmd = self . _connection . _shell . set_user_facl ( path , user , mod e, recursive = recursiv e)
cmd = self . _connection . _shell . set_user_facl ( path s , user , mod e)
res = self . _low_level_execute_command ( cmd , sudoable = sudoable )
return res
@ -616,9 +608,17 @@ class ActionBase(with_metaclass(ABCMeta, object)):
environment_string = self . _compute_environment_string ( )
remote_files = None
if args_file_path :
remote_files = tmp , remote_module_path , args_file_path
elif remote_module_path :
remote_files = tmp , remote_module_path
# Fix permissions of the tmp path and tmp files. This should be
# called after all files have been transferred.
self . _fixup_perms ( tmp , remote_user , recursive = True )
if remote_files :
self . _fixup_perms ( remote_files , remote_user )
cmd = " "
in_data = None