I suppose it could be made to check if the parent dir did not have permissions and in such case open the file, clear the contents, and write data back into it, but this seems a little gross to me.
In particular, copy operations on large files would require loading everything into memory, wouldn't they? Really this is the first time I've ever heard of this being a problem - not saying I'm not sympahethic - but it's interesting it has not been a request yet. On Mon, Jun 23, 2014 at 2:15 PM, Ben Hoyt <[email protected]> wrote: > I'm running into this exact issue too. We thought we'd make permissions as > tight as possible, but due to how atomic_move() works Ansible requires the > parent directory to be writeable too. > > Is there a best-practice workaround for this? Obviously one way is to just > make the parent directory writeable, but without that? Is there a way to > generate the template file locally and then copy it over in a non-atomic > way so it just requires write permissions on that file? Similar to how you > would be hand when editing the file with your favourite text editor? > > -Ben > > > On Friday, April 25, 2014 7:28:26 PM UTC-4, Jacob Weber wrote: >> >> That's disappointing. I'm going to have to re-think my permission scheme. >> But thanks for the info. >> JW >> >> >> On Friday, April 25, 2014 2:31:22 PM UTC-7, Brian Coca wrote: >>> >>> it would require a major change to how template/file/assemble/etc work. >>> In template's case the file is actually generated on the master and copied >>> to the target machine. >>> >>> ansible tries to make the change as atomic as possible (that is why it >>> needs write to the dir) to make sure no other process reads the file in an >>> inconsistent state. >>> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/cccc9357-c622-48eb-bb91-6afb54faeba6%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/cccc9357-c622-48eb-bb91-6afb54faeba6%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwXDddtGjyTT0487sDC6XQBH5g%3Dejqe3%3DXpnd7F3RD9xQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
