Yeah, please let us know. One point of clarification - I think you may possibly be confusing SELinux and ACLs, which are different things.
ACLs do not come from SELinux, they are managed by setfacl/etc. (There's also a handy acl module in Ansible!) On Wed, Sep 10, 2014 at 7:32 AM, Stein Inge Morisbak <[email protected]> wrote: > Sorry about the tarball. It won't happen again. > > After some further investigation it seems that it might have something to > do with SELinux ACL after all. The httpd directory in /etc/httpd/conf has a > dot after its access list (drwxr-xr-x.). I don't know if this is the > problem yet, but I will do some further investigations. Thanks for > mentioning SELinux. > > I will keep you posted. > > 2014-09-10 12:26 GMT+02:00 Abubakr-Sadik Nii Nai Davis <[email protected]> > : > >> Well noted. >> >> On Tuesday, September 9, 2014 7:13:49 PM UTC, Michael DeHaan wrote: >>> >>> As a general rule, I don't crack open tarballs attached to the list - >>> and I would request that since there are thousands of users on this list we >>> don't start using it for attachments. >>> >>> (I'm not sure I can turn it off). >>> >>> A gist or github repo would be welcome, or even pastebin for smaller >>> things. >>> >>> In many cases, it can just be shown inline. >>> >>> >>> >>> On Tue, Sep 9, 2014 at 12:21 PM, Stein Inge Morisbak <[email protected]> >>> wrote: >>> >>>> I have attached the whole shebang to reproduce it. >>>> >>>> Requirements is: >>>> - the same username on the server set up with an authorized key and >>>> belonging to a group. >>>> - A file: /etc/httpd/conf/httpd.conf owned by a different user, but >>>> writable for the group the first user belongs to. >>>> >>>> >>>> >>>> 2014-09-09 17:45 GMT+02:00 Michael DeHaan <[email protected]>: >>>> >>>>> Can you show more of the playbook in context? >>>>> >>>>> I'm missing task names and such and wanted to be clear about something. >>>>> >>>>> I may have some other questions after that. >>>>> >>>>> >>>>> >>>>> On Mon, Sep 8, 2014 at 5:51 PM, Stein Inge Morisbak <[email protected]> >>>>> wrote: >>>>> >>>>>> Yup. It is non-sudo and non-root. >>>>>> >>>>>> $ ansible --version >>>>>> ansible 1.7.1 >>>>>> >>>>>> stanza: >>>>>> --- >>>>>> - hosts: myservers >>>>>> roles: >>>>>> - httpd >>>>>> remote_user: "{{ lookup('env','USER') }}" >>>>>> gather_facts: False >>>>>> sudo: False >>>>>> >>>>>> $ ansible-playbook -i test myservers.yml >>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace file: >>>>>> /home/steinim/.ansible/tmp/ansible-tmp-1410212872.62-18948176608778/source >>>>>> to /etc/httpd/conf/httpd.conf: [Errno 1] Operation not permitted: >>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf'", "failed": true} >>>>>> Exception OSError: (2, 'No such file or directory', >>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf') in <bound method >>>>>> _TemporaryFileWrapper.__del__ of <closed file '<fdopen>', mode 'w+b' at >>>>>> 0x1e946f0>> ignored >>>>>> >>>>>> Since I am in the group developers and have write access to the file >>>>>> and directory I would expect that I can overwrite the file. >>>>>> >>>>>> >>>>>> kl. 23:36:02 UTC+2 mandag 8. september 2014 skrev Michael DeHaan >>>>>> følgende: >>>>>>> >>>>>>> Can you please share the ansible --version as well as the command >>>>>>> line invocation you are using and the stanza of your playbook? >>>>>>> >>>>>>> Sounds like you are doing something non-sudo most likely, or non >>>>>>> root, that doesn't have enough permissions. >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Mon, Sep 8, 2014 at 7:50 AM, Stein Inge Morisbak < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> I am trying to run the following task: >>>>>>>> >>>>>>>> - name: copy httpd.conf to /etc/httpd/conf folder >>>>>>>> copy: src=httpd.conf dest="/etc/httpd/conf" >>>>>>>> >>>>>>>> Ownership on the server is: >>>>>>>> >>>>>>>> drwxrwsr-x 2 root developers 4096 Sep 8 13:33 . >>>>>>>> drwxrwsr-x 5 root developers 4096 Sep 4 17:51 .. >>>>>>>> -rw-rw-r-- 1 root developers 34744 Apr 3 16:01 httpd.conf >>>>>>>> >>>>>>>> I am a member of the developers group. The directory and file has >>>>>>>> write permission for the developers group. However the task fails with >>>>>>>> this >>>>>>>> error message: >>>>>>>> >>>>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace >>>>>>>> file: >>>>>>>> /home/steinim/.ansible/tmp/ansible-tmp-1410176741.01-248154513611723/source >>>>>>>> to /etc/httpd/conf/httpd.conf: [Errno 1] Operation not permitted: >>>>>>>> '/etc/httpd/conf/.ansible_tmpZ7a3MQhttpd.conf'", "failed": true} >>>>>>>> >>>>>>>> Am I missing something, or should this work? >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "Ansible Project" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> To post to this group, send email to [email protected]. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/d/msgid/ansible-project/90f29162- >>>>>>>> 3cd1-4783-a3ca-ada6c1fd5604%40googlegroups.com >>>>>>>> <https://groups.google.com/d/msgid/ansible-project/90f29162-3cd1-4783-a3ca-ada6c1fd5604%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Ansible Project" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/ansible-project/7d4c1995-1eb9-4baa-9940- >>>>>> a5b98fc960da%40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/ansible-project/7d4c1995-1eb9-4baa-9940-a5b98fc960da%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to a topic in the >>>>> Google Groups "Ansible Project" group. >>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>> topic/ansible-project/e7OIdscZXMo/unsubscribe. >>>>> To unsubscribe from this group and all its topics, send an email to >>>>> [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>> msgid/ansible-project/CA%2BnsWgwkrstcxsQ9OTr_OnKFor02OiUsEOJJrdHdZR% >>>>> 3DsM4tf4g%40mail.gmail.com >>>>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwkrstcxsQ9OTr_OnKFor02OiUsEOJJrdHdZR%3DsM4tf4g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> >>>> >>>> -- >>>> - Stein Inge >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/CAJJkzbazsnJ-xt4rXvwW0h2pUMnyoQzaHputu4_ >>>> hYFK_yMcWYQ%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/ansible-project/CAJJkzbazsnJ-xt4rXvwW0h2pUMnyoQzaHputu4_hYFK_yMcWYQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/e7OIdscZXMo/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/7a2ebd43-1678-4e9e-9884-489862c30c10%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/7a2ebd43-1678-4e9e-9884-489862c30c10%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > - Stein Inge > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAJJkzbbJdSt7s%2BDcqqwaqZzJjRzzSxXVo%2BLWc%2BfvdEW%3Di%2BpG4w%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAJJkzbbJdSt7s%2BDcqqwaqZzJjRzzSxXVo%2BLWc%2BfvdEW%3Di%2BpG4w%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgztnuGt%2B_Gqt9DvhxdyOB2m-nR75QgK2zVN19c84QuKaA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
