1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Added commas in documentation to increase readability (#15662)

I have added commas in some sentences here because even as a native English speaker, they were somewhat difficult to read.
This commit is contained in:
Jason Pettett 2016-04-29 23:51:04 +10:00 committed by Brian Coca
parent 361ee9d7a6
commit 4d9648dc15

View file

@ -97,19 +97,19 @@ is made as root. In these cases the module file is created with permissions
that only allow reading by the user and root. that only allow reading by the user and root.
The problem occurs when the ``become_user`` is an unprivileged user. Ansible The problem occurs when the ``become_user`` is an unprivileged user. Ansible
2.0.x and below make the module file world readable in this case as the module 2.0.x and below make the module file world readable in this case, as the module
file is written as the user that Ansible connects as but the file needs to file is written as the user that Ansible connects as, but the file needs to
be readable by the user Ansible is set to ``become``. be readable by the user Ansible is set to ``become``.
.. note:: In Ansible 2.1, this window is further narrowed: If the connection .. note:: In Ansible 2.1, this window is further narrowed: If the connection
is made as a privileged user (root) then Ansible 2.1 and above will use is made as a privileged user (root), then Ansible 2.1 and above will use
chown to set the file's owner to the unprivileged user being switched to. chown to set the file's owner to the unprivileged user being switched to.
This means both the user making the connection and the user being switched This means both the user making the connection and the user being switched
to via ``become`` must be unprivileged in order to trigger this problem. to via ``become`` must be unprivileged in order to trigger this problem.
If any of the parameters passed to the module are sensitive in nature then If any of the parameters passed to the module are sensitive in nature, then
those pieces of data are located in a world readable module file for the those pieces of data are located in a world readable module file for the
duration of the Ansible module execution. Once the module is done executing duration of the Ansible module execution. Once the module is done executing,
Ansible will delete the temporary file. If you trust the client machines then Ansible will delete the temporary file. If you trust the client machines then
there's no problem here. If you do not trust the client machines then this is there's no problem here. If you do not trust the client machines then this is
a potential danger. a potential danger.
@ -141,9 +141,9 @@ makes it harder to unknowingly do this insecurely. Whereas in Ansible 2.0.x
and below, Ansible will silently allow the insecure behaviour if it was unable and below, Ansible will silently allow the insecure behaviour if it was unable
to find another way to share the files with the unprivileged user, in Ansible to find another way to share the files with the unprivileged user, in Ansible
2.1 and above Ansible defaults to issuing an error if it can't do this 2.1 and above Ansible defaults to issuing an error if it can't do this
securely. If you can't make any of the changes above to resolve the problem securely. If you can't make any of the changes above to resolve the problem,
and you decide that the machine you're running on is secure enough for the and you decide that the machine you're running on is secure enough for the
modules you want to run there to be world readable you can turn on modules you want to run there to be world readable, you can turn on
``allow_world_readable_tmpfiles`` in the :file:`ansible.cfg` file. Setting ``allow_world_readable_tmpfiles`` in the :file:`ansible.cfg` file. Setting
``allow_world_readable_tmpfiles`` will change this from an error into ``allow_world_readable_tmpfiles`` will change this from an error into
a warning and allow the task to run as it did prior to 2.1. a warning and allow the task to run as it did prior to 2.1.