From bdeeaa528dbc973ce0d93c58ccbd383bebc16fd4 Mon Sep 17 00:00:00 2001
From: Sergey <6213510+sshnaidm@users.noreply.github.com>
Date: Wed, 6 Jul 2022 20:54:04 +0300
Subject: [PATCH] Fix 'Permission denied' in user module while generating SSH keys (#78040) (#78054)
* Fix 'Permission denied' in user module while generating SSH keys Fix #78017 Use try/except for spwd usage to prevent "Permission denied".
Signed-off-by: Sagi Shnaidman
Co-authored-by: Abhijeet Kasurde
(cherry picked from commit 30a923fb5c164d6cd18280c02422f75e611e8fb2)
---
 .../fragments/permission-denied-spwd-module.yml | 2 ++
 lib/ansible/modules/user.py | 12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/permission-denied-spwd-module.yml
diff --git a/changelogs/fragments/permission-denied-spwd-module.yml b/changelogs/fragments/permission-denied-spwd-module.yml
new file mode 100644
index 00000000000..437df4bc2ae
--- /dev/null
+++ b/changelogs/fragments/permission-denied-spwd-module.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - user - Fix error "Permission denied" in user module while generating SSH keys (https://github.com/ansible/ansible/issues/78017).
diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py
index b247ba3682e..3e35e90facd 100644
--- a/lib/ansible/modules/user.py
+++ b/lib/ansible/modules/user.py
@@ -1052,7 +1052,17 @@ class User(object):
 max_needs_change = self.password_expire_max is not None
 if HAVE_SPWD:
- shadow_info = spwd.getspnam(self.name)
+ try:
+ shadow_info = spwd.getspnam(self.name)
+ except KeyError:
+ return None, '', ''
+ except OSError as e:
+ # Python 3.6 raises PermissionError instead of KeyError
+ # Due to absence of PermissionError in python2.7 need to check
+ # errno
+ if e.errno in (errno.EACCES, errno.EPERM, errno.ENOENT):
+ return None, '', ''
+ raise
 min_needs_change &= self.password_expire_min != shadow_info.sp_min
 max_needs_change &= self.password_expire_max != shadow_info.sp_max
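Review bot: The early `return None, '', ''` in the new `except KeyError` and `except OSError` branches exits silently even when `min_needs_change` or `max_needs_change` is true, so a task that set `password_expire_min`/`password_expire_max` but could not read the shadow entry presumably reports no change, with no signal that the password-aging setting was neither checked nor applied. I would surface that case before returning, e.g. `if min_needs_change or max_needs_change: self.module.warn("shadow entry for %s is not readable; password expiry settings were not checked" % self.name)`, assuming the class keeps its AnsibleModule on `self.module`, which the hunk does not show. The added comment explains only the PermissionError case while the tuple also accepts `errno.ENOENT`; a short why-comment for that value would help the next reader. The hunk relies on `errno` already being imported at the top of user.py, and the enclosing method starts and ends outside the hunk.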