I've got a set of systems that have a configuration file with the
"immutable" flag set on them by a previous setup process. The "lsattr
/etc/security/access.conf" on a RHEL 6 system shows the "i" flag set.
Manually doing a "chattr -i /etc/security/access.conf" removes the flag,
but I'd like to have Ansible remove this flag if found on a few of these
files.
I setup a playbook with this play:
- name: "Remove immutable flag"
file:
path: /etc/security/access.conf
attributes: "-i"
The documentation isn't clear on what "attributes" can be but the file
module call chattr with the "=" precursor before the attributes. For my
case, I can just send "e" as the attribute (which effectively removes "i",
the only attribute on this file usually), but it doesn't make it easy to
enforce a single change without knowing and setting all attributes.
(Admittedly that would be more idempotent.)
Can someone update the the documentation, to add this note on the usage?
Or, can the command line fed to chattr be updated to remove the "=" before
the attributes when a +/- is present in the attributes line? That makes it
easy to use "-i" to remove immutable, or "+i" to add immutable flag, though
I haven't thought through the ramifications and idempotent features...
Thanks,
Dan
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c19b9490-ee85-4ce0-828e-6cdebc6d9b0c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
