get_url ignores sgid bit on destination directory

[utoddl]

SUMMARY

The web asset downloaded by get_url overrides the sgid bit of the destination directory, even if the "group" parameter is not used, or if it is explicitly set to "{{ omit }}".

ISSUE TYPE

• Bug Report

COMPONENT NAME

git_url

ANSIBLE VERSION

$ ansible --version
ansible 2.9.3
  config file = /home/utoddl/.ansible.cfg
  configured module search path = ['/home/utoddl/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 3.7.6 (default, Jan 30 2020, 09:44:41) [GCC 9.2.1 20190827 (Red Hat 9.2.1-1)]

CONFIGURATION

ESC[0;33mAGNOSTIC_BECOME_PROMPT(/home/utoddl/.ansible.cfg) = TrueESC[0m
ESC[0;33mDEFAULT_GATHERING(/home/utoddl/.ansible.cfg) = smartESC[0m
ESC[0;33mDEFAULT_HOST_LIST(/home/utoddl/.ansible.cfg) = ['/home/utoddl/tower/mw-ansible-defaults/inventory/hosts']ESC[0m

OS / ENVIRONMENT

RHEL-7

STEPS TO REPRODUCE

Pull down any web asset with git_url into a directory with the sgid bit set. Use "become". Compare the group of the downloaded asset to the group of the parent sgid directory.

    - name: download the apache-tomcat-{{ tcVersion }}.tar.gz
      get_url:
        url: "http://archive.apache.org/dist/tomcat/tomcat-{{ tcFamily }}/v{{ tcVersion }}/bin/{{ tcTarball }}"
        dest: "{{ mw_common_tomcat_staging_dir }}/{{ tcTarball }}"
        group: "{{ omit }}"
        mode: '0444'
      environment: "{{ tcProxyEnv if hostvars[tcDelegate]['ansible_default_ipv4']['address']|ipaddr('private') else { } }}"
      when:
        - "'no_tarball_md5' in tomcat_md5_test.stdout"
      delegate_to: "{{ tcDelegate }}"

EXPECTED RESULTS

One would expect the downloaded asset's group to be that of the containing directory, as that directory's sgid bit is set.

ACTUAL RESULTS

The actual group of the downloaded asset is "root" (since I'm running with "become").

I strongly suspect this isn't a problem with, or isolated to, the get_url module itself. get_url uses load_file_common_arguments() and set_fs_attributes_if_different() from ./lib/ansible/module_utils/basic.py, and I believe the problem is that these and related functions don't take the sgid bit of containing directories into account when the "group" parameter has been determined to be None.

In fact, I would not be at all surprised if this isn't at the root of issue #33865.

[ansibot]

Files identified in the description:

• lib/ansible/modules/net_tools/basics/get_url.py

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibot]

cc @jpmens @ptux
click here for bot help

[jpmens]

I agree and also don't think this is a get_url issue.

[ansibot]

Files identified in the description:
None

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[mkrizek]

bot_status

[ansibot]

Files identified in the description:

• lib/ansible/modules/get_url.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibot]

Components

lib/ansible/modules/get_url.py
support: core
maintainers: jpmens ptux

Metadata

waiting_on: maintainer
needs_info: False

click here for bot help

[ansibot]

Files identified in the description:
None

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help