I'm running into this exact issue too. We thought we'd make permissions as tight as possible, but due to how atomic_move() works Ansible requires the parent directory to be writeable too.
Is there a best-practice workaround for this? Obviously one way is to just make the parent directory writeable, but without that? Is there a way to generate the template file locally and then copy it over in a non-atomic way so it just requires write permissions on that file? Similar to how you would be hand when editing the file with your favourite text editor? -Ben On Friday, April 25, 2014 7:28:26 PM UTC-4, Jacob Weber wrote: > > That's disappointing. I'm going to have to re-think my permission scheme. > But thanks for the info. > JW > > > On Friday, April 25, 2014 2:31:22 PM UTC-7, Brian Coca wrote: >> >> it would require a major change to how template/file/assemble/etc work. >> In template's case the file is actually generated on the master and copied >> to the target machine. >> >> ansible tries to make the change as atomic as possible (that is why it >> needs write to the dir) to make sure no other process reads the file in an >> inconsistent state. >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/cccc9357-c622-48eb-bb91-6afb54faeba6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
