[root@clientbox tmp]# sestatus SELinux status: disabled Same result in both client and master. So I have been doing tests and I cannot read any file which is set 0440 owned by root, through ansible.
[root@clientbox tmp]# stat /etc/sudoers File: `/etc/sudoers' Size: 10092 Blocks: 24 IO Block: 4096 regular file Device: fd00h/64768d Inode: 1246098 Links: 1 Access: (0440/-r--r-----) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2014-04-08 13:55:52.000000000 +0100 Modify: 2014-04-08 12:59:46.000000000 +0100 Change: 2014-04-08 12:59:46.000000000 +0100 But I can do whatever I want through ssh, sudo and a pseudo tty. As it should be... And of course this is a issue *I* have. I still remember the cake of JP Mens. But still ansible does not play ball and straight ssh does. Any help appreciated. On Tuesday, 8 April 2014 15:21:01 UTC+1, James Cammarata wrote: > > Do you have selinux enforcing? > > > On Tue, Apr 8, 2014 at 5:13 AM, Makimoto Marakatti > <[email protected]<javascript:> > > wrote: > >> Hi all >> >> I'm having a weird issue that I can't figure out: >> >> I'm making a backup of /etc/sudoers from client boxes, before templating. >> ansible complains it has no rights to read /etc/sudoers. (with sudo) >> And yet it can read any other file in /etc/. >> /etc/sudoers has 0440 as permissions. >> >> I've tried with fetch, shell, command, and lastly script. >> All fail with some variation of this: >> >> failed: [clientbox] => {"changed": true, "rc": 1} >> stdout: cp: cannot open `/etc/sudoers' for reading: Permission denied >> >> And I know this is not a permissions issue as this actually works in the >> same box: >> >> ssh -t clientbox "sudo -Hi cp /etc/sudoers /tmp/temp_sudoers && sudo -Hi >> chmod 777 /tmp/temp_sudoers && scp /tmp/temp_sudoers >> ansible_masterbox:/tmp/" >> >> Could anyone please let me know what I'm doing wrong here? >> >> Thanks >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected]<javascript:> >> . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/eee2d34a-a2e5-408d-8ccc-e67c11d5a7ee%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/eee2d34a-a2e5-408d-8ccc-e67c11d5a7ee%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8b98787a-f883-41c6-acd8-4c62ceed3a9f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
