1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Use /var/tmp for root by default to avoid /tmp being mounted noexec, and segregate tmp files for other users

into their home directories.
This commit is contained in:
Michael DeHaan 2012-04-21 11:38:39 -04:00
parent 3d72260887
commit 3081bb93f1

View file

@ -187,7 +187,7 @@ class Runner(object):
if type(files) == str: if type(files) == str:
files = [ files ] files = [ files ]
for filename in files: for filename in files:
if not filename.startswith('/tmp/'): if filename.find('/tmp/') == -1:
raise Exception("not going to happen") raise Exception("not going to happen")
self._exec_command(conn, "rm -rf %s" % filename, None) self._exec_command(conn, "rm -rf %s" % filename, None)
@ -599,7 +599,14 @@ class Runner(object):
def _get_tmp_path(self, conn): def _get_tmp_path(self, conn):
''' gets a temporary path on a remote box ''' ''' gets a temporary path on a remote box '''
result, err = self._exec_command(conn, "mktemp -d /tmp/ansible.XXXXXX", None, sudoable=False) basetmp = "/var/tmp"
if self.remote_user != 'root':
basetmp = "/home/%s/.ansible/tmp" % self.remote_user
cmd = "mktemp -d %s/ansible.XXXXXX" % basetmp
if self.remote_user != 'root':
cmd = "mkdir -p %s && %s" % (basetmp, cmd)
result, err = self._exec_command(conn, cmd, None, sudoable=False)
cleaned = result.split("\n")[0].strip() + '/' cleaned = result.split("\n")[0].strip() + '/'
return cleaned return cleaned