From 9a0a5d834e7c12028ec00051810d284bc77dc089 Mon Sep 17 00:00:00 2001 From: Rudnei Bertol Junior Date: Thu, 14 Mar 2024 14:24:09 -0300 Subject: [PATCH] Fixes permission for cache json file from 600 to 644 (#82761) Until ansible-core 2.12 the facts cache file created by this module, have permission set as 644 which allows the other users to read the cache, since ansible-core 2.13, we create the temporary file, but we do not set the permission after renaming the temporary file. Adding the line to set the permission to allow other users/groups to read this file. --- ...-fact_cache-permissions-changed-after-ansible-coreupdate.yml | 2 ++ lib/ansible/plugins/cache/__init__.py | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 changelogs/fragments/82683-ansible-fact_cache-permissions-changed-after-ansible-coreupdate.yml diff --git a/changelogs/fragments/82683-ansible-fact_cache-permissions-changed-after-ansible-coreupdate.yml b/changelogs/fragments/82683-ansible-fact_cache-permissions-changed-after-ansible-coreupdate.yml new file mode 100644 index 00000000000..d12a416de37 --- /dev/null +++ b/changelogs/fragments/82683-ansible-fact_cache-permissions-changed-after-ansible-coreupdate.yml @@ -0,0 +1,2 @@ +bugfixes: + - Fixes permission for cache json file from 600 to 644 (https://github.com/ansible/ansible/issues/82683). diff --git a/lib/ansible/plugins/cache/__init__.py b/lib/ansible/plugins/cache/__init__.py index dc65b4c22a1..3bc5a16f303 100644 --- a/lib/ansible/plugins/cache/__init__.py +++ b/lib/ansible/plugins/cache/__init__.py @@ -28,6 +28,7 @@ from collections.abc import MutableMapping from ansible import constants as C from ansible.errors import AnsibleError +from ansible.module_utils.common.file import S_IRWU_RG_RO from ansible.module_utils.common.text.converters import to_bytes, to_text from ansible.plugins import AnsiblePlugin from ansible.plugins.loader import cache_loader @@ -164,6 +165,7 @@ class BaseFileCacheModule(BaseCacheModule): display.warning("error in '%s' cache plugin while trying to write to '%s' : %s" % (self.plugin_name, tmpfile_path, to_bytes(e))) try: os.rename(tmpfile_path, cachefile) + os.chmod(cachefile, mode=S_IRWU_RG_RO) except (OSError, IOError) as e: display.warning("error in '%s' cache plugin while trying to move '%s' to '%s' : %s" % (self.plugin_name, tmpfile_path, cachefile, to_bytes(e))) finally: