Hi!
It took some time before i could look into this. Anyway, I think it has to
do with this issue: https://github.com/ansible/ansible/issues/7372
The template-module always does `chown`, and that will not work when
running as a non-root user when the files are owned by root even if the
group has write permission.
- Stein Inge
kl. 14:35:36 UTC+2 onsdag 10. september 2014 skrev Michael DeHaan følgende:
>
> Yeah, please let us know.
>
> One point of clarification - I think you may possibly be confusing SELinux
> and ACLs, which are different things.
>
> ACLs do not come from SELinux, they are managed by setfacl/etc.
>
> (There's also a handy acl module in Ansible!)
>
>
>
>
> On Wed, Sep 10, 2014 at 7:32 AM, Stein Inge Morisbak <ste...@gmail.com
> <javascript:>> wrote:
>
>> Sorry about the tarball. It won't happen again.
>>
>> After some further investigation it seems that it might have something to
>> do with SELinux ACL after all. The httpd directory in /etc/httpd/conf has a
>> dot after its access list (drwxr-xr-x.). I don't know if this is the
>> problem yet, but I will do some further investigations. Thanks for
>> mentioning SELinux.
>>
>> I will keep you posted.
>>
>> 2014-09-10 12:26 GMT+02:00 Abubakr-Sadik Nii Nai Davis <dwa...@gmail.com
>> <javascript:>>:
>>
>>> Well noted.
>>>
>>> On Tuesday, September 9, 2014 7:13:49 PM UTC, Michael DeHaan wrote:
>>>>
>>>> As a general rule, I don't crack open tarballs attached to the list -
>>>> and I would request that since there are thousands of users on this list
>>>> we
>>>> don't start using it for attachments.
>>>>
>>>> (I'm not sure I can turn it off).
>>>>
>>>> A gist or github repo would be welcome, or even pastebin for smaller
>>>> things.
>>>>
>>>> In many cases, it can just be shown inline.
>>>>
>>>>
>>>>
>>>> On Tue, Sep 9, 2014 at 12:21 PM, Stein Inge Morisbak <ste...@gmail.com>
>>>> wrote:
>>>>
>>>>> I have attached the whole shebang to reproduce it.
>>>>>
>>>>> Requirements is:
>>>>> - the same username on the server set up with an authorized key and
>>>>> belonging to a group.
>>>>> - A file: /etc/httpd/conf/httpd.conf owned by a different user, but
>>>>> writable for the group the first user belongs to.
>>>>>
>>>>>
>>>>>
>>>>> 2014-09-09 17:45 GMT+02:00 Michael DeHaan <mic...@ansible.com>:
>>>>>
>>>>>> Can you show more of the playbook in context?
>>>>>>
>>>>>> I'm missing task names and such and wanted to be clear about
>>>>>> something.
>>>>>>
>>>>>> I may have some other questions after that.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 8, 2014 at 5:51 PM, Stein Inge Morisbak <ste...@gmail.com
>>>>>> > wrote:
>>>>>>
>>>>>>> Yup. It is non-sudo and non-root.
>>>>>>>
>>>>>>> $ ansible --version
>>>>>>> ansible 1.7.1
>>>>>>>
>>>>>>> stanza:
>>>>>>> ---
>>>>>>> - hosts: myservers
>>>>>>> roles:
>>>>>>> - httpd
>>>>>>> remote_user: "{{ lookup('env','USER') }}"
>>>>>>> gather_facts: False
>>>>>>> sudo: False
>>>>>>>
>>>>>>> $ ansible-playbook -i test myservers.yml
>>>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace file:
>>>>>>> /home/steinim/.ansible/tmp/ansible-tmp-1410212872.62-18948176608778/source
>>>>>>>
>>>>>>> to /etc/httpd/conf/httpd.conf: [Errno 1] Operation not permitted:
>>>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf'", "failed": true}
>>>>>>> Exception OSError: (2, 'No such file or directory',
>>>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf') in <bound method
>>>>>>> _TemporaryFileWrapper.__del__ of <closed file '<fdopen>', mode 'w+b' at
>>>>>>> 0x1e946f0>> ignored
>>>>>>>
>>>>>>> Since I am in the group developers and have write access to the file
>>>>>>> and directory I would expect that I can overwrite the file.
>>>>>>>
>>>>>>>
>>>>>>> kl. 23:36:02 UTC+2 mandag 8. september 2014 skrev Michael DeHaan
>>>>>>> følgende:
>>>>>>>>
>>>>>>>> Can you please share the ansible --version as well as the command
>>>>>>>> line invocation you are using and the stanza of your playbook?
>>>>>>>>
>>>>>>>> Sounds like you are doing something non-sudo most likely, or non
>>>>>>>> root, that doesn't have enough permissions.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Sep 8, 2014 at 7:50 AM, Stein Inge Morisbak <
>>>>>>>> ste...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> I am trying to run the following task:
>>>>>>>>>
>>>>>>>>> - name: copy httpd.conf to /etc/httpd/conf folder
>>>>>>>>> copy: src=httpd.conf dest="/etc/httpd/conf"
>>>>>>>>>
>>>>>>>>> Ownership on the server is:
>>>>>>>>>
>>>>>>>>> drwxrwsr-x 2 root developers 4096 Sep 8 13:33 .
>>>>>>>>> drwxrwsr-x 5 root developers 4096 Sep 4 17:51 ..
>>>>>>>>> -rw-rw-r-- 1 root developers 34744 Apr 3 16:01 httpd.conf
>>>>>>>>>
>>>>>>>>> I am a member of the developers group. The directory and file has
>>>>>>>>> write permission for the developers group. However the task fails
>>>>>>>>> with this
>>>>>>>>> error message:
>>>>>>>>>
>>>>>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace
>>>>>>>>> file:
>>>>>>>>> /home/steinim/.ansible/tmp/ansible-tmp-1410176741.01-248154513611723/source
>>>>>>>>>
>>>>>>>>> to /etc/httpd/conf/httpd.conf: [Errno 1] Operation not permitted:
>>>>>>>>> '/etc/httpd/conf/.ansible_tmpZ7a3MQhttpd.conf'", "failed": true}
>>>>>>>>>
>>>>>>>>> Am I missing something, or should this work?
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>>> Groups "Ansible Project" group.
>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>> send an email to ansible-proje...@googlegroups.com.
>>>>>>>>> To post to this group, send email to ansible...@googlegroups.com.
>>>>>>>>> To view this discussion on the web visit
>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/90f29162-
>>>>>>>>> 3cd1-4783-a3ca-ada6c1fd5604%40googlegroups.com
>>>>>>>>> <https://groups.google.com/d/msgid/ansible-project/90f29162-3cd1-4783-a3ca-ada6c1fd5604%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>>>>> .
>>>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "Ansible Project" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to ansible-proje...@googlegroups.com.
>>>>>>> To post to this group, send email to ansible...@googlegroups.com.
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/d/msgid/ansible-project/
>>>>>>> 7d4c1995-1eb9-4baa-9940-a5b98fc960da%40googlegroups.com
>>>>>>> <https://groups.google.com/d/msgid/ansible-project/7d4c1995-1eb9-4baa-9940-a5b98fc960da%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>>> .
>>>>>>>
>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to a topic in
>>>>>> the Google Groups "Ansible Project" group.
>>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/
>>>>>> topic/ansible-project/e7OIdscZXMo/unsubscribe.
>>>>>> To unsubscribe from this group and all its topics, send an email to
>>>>>> ansible-proje...@googlegroups.com.
>>>>>> To post to this group, send email to ansible...@googlegroups.com.
>>>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>>>> msgid/ansible-project/CA%2BnsWgwkrstcxsQ9OTr_OnKFor02OiUsEOJJrdHdZR%
>>>>>> 3DsM4tf4g%40mail.gmail.com
>>>>>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwkrstcxsQ9OTr_OnKFor02OiUsEOJJrdHdZR%3DsM4tf4g%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> - Stein Inge
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Ansible Project" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to ansible-proje...@googlegroups.com.
>>>>> To post to this group, send email to ansible...@googlegroups.com.
>>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>>> msgid/ansible-project/CAJJkzbazsnJ-xt4rXvwW0h2pUMnyoQzaHputu4_
>>>>> hYFK_yMcWYQ%40mail.gmail.com
>>>>> <https://groups.google.com/d/msgid/ansible-project/CAJJkzbazsnJ-xt4rXvwW0h2pUMnyoQzaHputu4_hYFK_yMcWYQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Ansible Project" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/e7OIdscZXMo/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to
>>> ansible-proje...@googlegroups.com <javascript:>.
>>> To post to this group, send email to ansible...@googlegroups.com
>>> <javascript:>.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/7a2ebd43-1678-4e9e-9884-489862c30c10%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/ansible-project/7a2ebd43-1678-4e9e-9884-489862c30c10%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> - Stein Inge
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-proje...@googlegroups.com <javascript:>.
>> To post to this group, send email to ansible...@googlegroups.com
>> <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAJJkzbbJdSt7s%2BDcqqwaqZzJjRzzSxXVo%2BLWc%2BfvdEW%3Di%2BpG4w%40mail.gmail.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/CAJJkzbbJdSt7s%2BDcqqwaqZzJjRzzSxXVo%2BLWc%2BfvdEW%3Di%2BpG4w%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c5dbd929-d508-4c01-9791-04a3ff4ba77b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
