[WIP] Fix copy module to reset filesystem acls #50419

Open. Wants to merge 1 commit into base: devel

abadger commented Dec 31, 2018

The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.

We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.

Fixes #44412

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME
  • lib/ansible/modules/files/copy.py
  • lib/ansible/modules/files/template.py
  • lib/ansible/modules/files/assemble.py

Others which will be revealed after an audit of the code.

ADDITIONAL INFORMATION

This is still a work in progress. See the FIXME comments in the commit for what else needs to be done.

Fix copy module to reset filesystem acls
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user.  On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.

We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present.  We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features.  We may want to generalize this into
a helper function, though.

Fixes #44412
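
To audit destination files for the leftover ACL entries described above, the following added example (not code from this PR or from Ansible) decodes the Linux `system.posix_acl_access` extended attribute and reports named user/group entries together with their effective rights under the mask. It assumes Linux POSIX ACLs; the function names and the sample blob are constructed for illustration.

```python
import errno
import os
import struct

ACL_XATTR = "system.posix_acl_access"  # Linux xattr that stores a file's access ACL
ACL_VERSION = 2                        # version word at the start of the xattr
# Entry tags; "user" and "group" are named entries that grant access beyond the mode bits.
TAGS = {0x01: "user_obj", 0x02: "user", 0x04: "group_obj",
        0x08: "group", 0x10: "mask", 0x20: "other"}
NO_ID = 0xFFFFFFFF                     # id field of entries that name no uid/gid

# Constructed sample: owner rw-, named uid 1001 rw-, owning group r--, mask r--, other ---
SAMPLE = struct.pack("<I", ACL_VERSION) + b"".join(
    struct.pack("<HHI", tag, perm, ident) for tag, perm, ident in
    [(0x01, 6, NO_ID), (0x02, 6, 1001), (0x04, 4, NO_ID), (0x10, 4, NO_ID), (0x20, 0, NO_ID)])

def rwx(perm):
    return "".join(c if perm & bit else "-" for c, bit in (("r", 4), ("w", 2), ("x", 1)))

def parse_acl(blob):
    """Decode the xattr blob into a list of (tag_name, id, perm_bits)."""
    if len(blob) < 4 or (len(blob) - 4) % 8:
        raise ValueError("truncated ACL xattr")
    if struct.unpack_from("<I", blob, 0)[0] != ACL_VERSION:
        raise ValueError("unexpected ACL xattr version")
    entries = []
    for off in range(4, len(blob), 8):
        tag, perm, ident = struct.unpack_from("<HHI", blob, off)
        if tag not in TAGS:
            raise ValueError("unknown ACL tag 0x%x" % tag)
        entries.append((TAGS[tag], ident, perm))
    return entries

def named_entries(blob):
    """Named user/group entries as (tag, id, granted, effective-after-mask)."""
    entries = parse_acl(blob)
    mask = next((p for t, _, p in entries if t == "mask"), 7)
    return [(t, i, rwx(p), rwx(p & mask)) for t, i, p in entries if t in ("user", "group")]

def leftover_acl(path):
    """Named entries on path; [] when the file has no ACL or the filesystem lacks ACLs."""
    try:
        return named_entries(os.getxattr(path, ACL_XATTR))
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return []
        raise
```

Any non-empty result from `leftover_acl()` on a file written by copy, template or assemble means a named entry is still attached; `getfacl` shows the same entries and `setfacl -b` removes them.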
abadger commented Jan 15, 2019

This is definitely a bug but someone else will need to finish it up as I'm moving to a release engineering role and won't be working this issue to completion.
