From f4053fcf3ac47cd5eae9314f582d12df7e3298ed Mon Sep 17 00:00:00 2001
From: Lukas Wunner
Date: Thu, 14 Aug 2014 16:39:53 +0200
Subject: [PATCH] Only chown on atomic move if invoked as root

Linux and BSD derivatives do not allow unprivileged users to "give away" files to others for security reasons. (System V derivatives allow that but they're rare nowadays.)
---
 lib/ansible/module_utils/basic.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ansible/module_utils/basic.py b/lib/ansible/module_utils/basic.py
index 3a541d67d65..0537dfd9bf3 100644
--- a/lib/ansible/module_utils/basic.py
+++ b/lib/ansible/module_utils/basic.py
@@ -1146,7 +1146,7 @@ class AnsibleModule(object):
 self.set_context_if_different(
 tmp_dest.name, context, False)
 tmp_stat = os.stat(tmp_dest.name)
- if dest_stat and (tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid):
+ if dest_stat and (tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid) and os.getuid() == 0:
 os.chown(tmp_dest.name, dest_stat.st_uid, dest_stat.st_gid)
 os.rename(tmp_dest.name, dest)
 except (shutil.Error, OSError, IOError), e:
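Review bot: The added `and os.getuid() == 0` on the `if dest_stat ...` line skips the chown for every non-root caller, including the case where only `st_gid` differs and the caller owns the file and belongs to the target group, which the kernel permits; the replaced file then silently takes the caller's own group, which can change who is able to read it. The real UID is also not what the kernel checks (the effective UID, or CAP_CHOWN on Linux), and the commit message itself notes that System V derivatives allow the give-away. Attempting the chown and ignoring only EPERM covers these cases without guessing at privilege, as sketched below; this assumes `errno` is imported in basic.py, which the hunk does not show. The enclosing method and its `try:` start outside the hunk.

```python
                if dest_stat and (tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid):
                    try:
                        os.chown(tmp_dest.name, dest_stat.st_uid, dest_stat.st_gid)
                    except OSError, e:
                        # EPERM: this user may not hand the file to the old owner/group;
                        # keep the ownership the temp file already has and carry on.
                        if e.errno != errno.EPERM:
                            raise
                # … unchanged: os.rename(tmp_dest.name, dest) …
```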