Try optimistic chown, do not error out if not permitted to chown
Add unit test
parent
f4053fcf3a
commit
677de07f44
2 changed files with 32 additions and 3 deletions
|
@ -1145,9 +1145,13 @@ class AnsibleModule(object):
|
||||||
if self.selinux_enabled():
|
if self.selinux_enabled():
|
||||||
self.set_context_if_different(
|
self.set_context_if_different(
|
||||||
tmp_dest.name, context, False)
|
tmp_dest.name, context, False)
|
||||||
tmp_stat = os.stat(tmp_dest.name)
|
try:
|
||||||
if dest_stat and (tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid) and os.getuid() == 0:
|
tmp_stat = os.stat(tmp_dest.name)
|
||||||
os.chown(tmp_dest.name, dest_stat.st_uid, dest_stat.st_gid)
|
if dest_stat and (tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid):
|
||||||
|
os.chown(tmp_dest.name, dest_stat.st_uid, dest_stat.st_gid)
|
||||||
|
except OSError, e:
|
||||||
|
if e.errno != errno.EPERM:
|
||||||
|
raise
|
||||||
os.rename(tmp_dest.name, dest)
|
os.rename(tmp_dest.name, dest)
|
||||||
except (shutil.Error, OSError, IOError), e:
|
except (shutil.Error, OSError, IOError), e:
|
||||||
self.cleanup(tmp_dest.name)
|
self.cleanup(tmp_dest.name)
|
||||||
|
|
|
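Review bot: The new `except OSError` handler drops EPERM from `os.chown` without leaving any trace, so an unprivileged run goes on to `os.rename` a temp file that keeps the caller's uid/gid over dest, and dest's ownership changes silently. That is the relaxation the commit intends, but it deserves a comment at the handler, for example `# EPERM: cannot chown as this user; dest takes the caller's uid/gid after the rename`, and ideally the module result should tell the caller that ownership was not preserved. The handler also relies on `errno` being imported at module level, which this hunk does not show. Indentation is lost on this page and the enclosing method starts and ends outside the hunk, so the exact extent of the `try` is inferred from line order.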
@ -180,3 +180,28 @@
|
||||||
- "copy_result6.changed"
|
- "copy_result6.changed"
|
||||||
- "copy_result6.dest == '{{output_dir|expanduser}}/multiline.txt'"
|
- "copy_result6.dest == '{{output_dir|expanduser}}/multiline.txt'"
|
||||||
- "copy_result6.md5sum == '1627d51e7e607c92cf1a502bf0c6cce3'"
|
- "copy_result6.md5sum == '1627d51e7e607c92cf1a502bf0c6cce3'"
|
||||||
|
|
||||||
|
# test overwriting a file as an unprivileged user (pull request #8624)
|
||||||
|
# this can't be relative to {{output_dir}} as ~root usually has mode 700
|
||||||
|
|
||||||
|
- name: create world writable directory
|
||||||
|
file: dest=/tmp/worldwritable state=directory mode=0777
|
||||||
|
|
||||||
|
- name: create world writable file
|
||||||
|
copy: dest=/tmp/worldwritable/file.txt content="bar" mode=0666
|
||||||
|
|
||||||
|
- name: overwrite the file as user nobody
|
||||||
|
copy: dest=/tmp/worldwritable/file.txt content="baz"
|
||||||
|
sudo: yes
|
||||||
|
sudo_user: nobody
|
||||||
|
register: copy_result7
|
||||||
|
|
||||||
|
- name: assert the file was overwritten
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "copy_result7.changed"
|
||||||
|
- "copy_result7.dest == '/tmp/worldwritable/file.txt'"
|
||||||
|
- "copy_result7.md5sum == '73feffa4b7f6bb68e44cf984c85f6e88'"
|
||||||
|
|
||||||
|
- name: clean up
|
||||||
|
file: dest=/tmp/worldwritable state=absent
|
||||||
|
|
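Review bot: The added tasks work in a fixed path, `/tmp/worldwritable`, created with mode 0777 and holding a 0666 file, and the `clean up` task comes last, so a failed assert leaves a world-writable directory behind on the test host. On a shared machine a predictable name under `/tmp` can also already exist with contents the test did not create. A comment above the block such as `# uses a fixed world-writable path under /tmp; run only on a disposable test host` would record the constraint, and a per-run unique directory name would avoid the collision. The assert checks `changed`, `dest` and `md5sum` only; since the module change is about ownership, it would be worth also asserting the owner of the file after the overwrite.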