-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing 'mode' on file copy can lead to too restrictive default permissions #314
Comments
I've been trying to figure out why a certain playbook wouldn't run. I get the exact error ""The previous default was '666'. Specify 'mode' to avoid this warning." I was on ansible 2.9.12. Problem started a week ago, so it must be this. What ansible version should I revert to so this error does not happen? Trial and error is taking forever as each time the Playbook fails it breaks networking and apt-get on the target server, so I have to re-install Ubuntu. |
FYI, anyone with a playbook broken because of this update the solution is $pip install ansible==2.9.10 Took me a frigging WEEK to figure out this was the root cause. Grrr. |
@dvallis According to the Porting Guide 2.9: Change to Default File Permissions, the default permission was changed to address the security issue CVE-2020-1736:
According to ansible/ansible#67794 (comment), the developers seem to be looking for a less disruptive solution now. |
🤦 Facepalm |
My CI jobs just started failing after Ansible 2.9.12 was released.
I noticed the following failure:
But locally (where I had 2.9.11) it was not failing. It was not until after scanning the rest of the failed job logs that I noticed:
This seems to be a major breaking change, as I still have a number of
file
,copy
,template
, etc. tasks which do not explicitly define amode
, and relied on the default behavior. It looks like others have been hitting this problem too: ansible/ansible#71200I'm not sure if the default will be changed back, but I guess in general, the best option is to always explicitly define
mode
now, since the system default will not be used in the name of security.The text was updated successfully, but these errors were encountered: