Hi!

It took some time before I could look into this. Anyway, I think it has to 
do with this issue: https://github.com/ansible/ansible/issues/7372

The template-module always does `chown`, and that will not work when 
running as a non-root user when the files are owned by root even if the 
group has write permission.

- Stein Inge

On Wednesday, September 10, 2014 at 14:35:36 UTC+2, Michael DeHaan wrote:
>
> Yeah, please let us know.
>
> One point of clarification - I think you may possibly be confusing SELinux 
> and ACLs, which are different things.
>
> ACLs do not come from SELinux, they are managed by setfacl/etc.
>
> (There's also a handy acl module in Ansible!)
>
>
>
>
> On Wed, Sep 10, 2014 at 7:32 AM, Stein Inge Morisbak <[email protected]> wrote:
>
>> Sorry about the tarball. It won't happen again.
>>
>> After some further investigation it seems that it might have something to 
>> do with SELinux ACL after all. The httpd directory in /etc/httpd/conf has a 
>> dot after its access list (drwxr-xr-x.). I don't know if this is the 
>> problem yet, but I will do some further investigations. Thanks for 
>> mentioning SELinux.
>>
>> I will keep you posted.
>>
>> 2014-09-10 12:26 GMT+02:00 Abubakr-Sadik Nii Nai Davis <[email protected]>:
>>
>>> Well noted.
>>>
>>> On Tuesday, September 9, 2014 7:13:49 PM UTC, Michael DeHaan wrote:
>>>>
>>>> As a general rule, I don't crack open tarballs attached to the list - 
>>>> and I would request that since there are thousands of users on this list 
>>>> we don't start using it for attachments.
>>>>
>>>> (I'm not sure I can turn it off).
>>>>
>>>> A gist or github repo would be welcome, or even pastebin for smaller 
>>>> things.
>>>>
>>>> In many cases, it can just be shown inline.
>>>>
>>>>
>>>>
>>>> On Tue, Sep 9, 2014 at 12:21 PM, Stein Inge Morisbak <[email protected]> 
>>>> wrote:
>>>>
>>>>> I have attached the whole shebang to reproduce it.
>>>>>
>>>>> Requirements are:
>>>>> - the same username on the server set up with an authorized key and 
>>>>> belonging to a group.
>>>>> - A file: /etc/httpd/conf/httpd.conf owned by a different user, but 
>>>>> writable for the group the first user belongs to.
>>>>>
>>>>>
>>>>>
>>>>> 2014-09-09 17:45 GMT+02:00 Michael DeHaan <[email protected]>:
>>>>>
>>>>>> Can you show more of the playbook in context?
>>>>>>
>>>>>> I'm missing task names and such and wanted to be clear about 
>>>>>> something.
>>>>>>
>>>>>> I may have some other questions after that.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 8, 2014 at 5:51 PM, Stein Inge Morisbak <[email protected]> wrote:
>>>>>>
>>>>>>> Yup. It is non-sudo and non-root.
>>>>>>>
>>>>>>> $ ansible --version
>>>>>>> ansible 1.7.1
>>>>>>>
>>>>>>> stanza:
>>>>>>> ---
>>>>>>> - hosts: myservers
>>>>>>>   roles:
>>>>>>>     - httpd
>>>>>>>   remote_user: "{{ lookup('env','USER') }}"
>>>>>>>   gather_facts: False
>>>>>>>   sudo: False
>>>>>>>
>>>>>>> $ ansible-playbook -i test myservers.yml
>>>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace file: 
>>>>>>> /home/steinim/.ansible/tmp/ansible-tmp-1410212872.62-18948176608778/source
>>>>>>>  
>>>>>>> to /etc/httpd/conf/httpd.conf: [Errno 1] Operation not permitted: 
>>>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf'", "failed": true}
>>>>>>> Exception OSError: (2, 'No such file or directory', 
>>>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf') in <bound method 
>>>>>>> _TemporaryFileWrapper.__del__ of <closed file '<fdopen>', mode 'w+b' at 
>>>>>>> 0x1e946f0>> ignored
>>>>>>>
>>>>>>> Since I am in the group developers and have write access to the file 
>>>>>>> and directory I would expect that I can overwrite the file.
>>>>>>>
>>>>>>>
>>>>>>> On Monday, September 8, 2014 at 23:36:02 UTC+2, Michael DeHaan wrote:
>>>>>>>>
>>>>>>>> Can you please share the ansible --version as well as the command 
>>>>>>>> line invocation you are using and the stanza of your playbook?
>>>>>>>>
>>>>>>>> Sounds like you are doing something non-sudo most likely, or non 
>>>>>>>> root, that doesn't have enough permissions.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Sep 8, 2014 at 7:50 AM, Stein Inge Morisbak <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> I am trying to run the following task:
>>>>>>>>>
>>>>>>>>> - name: copy httpd.conf to /etc/httpd/conf folder
>>>>>>>>>   copy: src=httpd.conf dest="/etc/httpd/conf"
>>>>>>>>>
>>>>>>>>> Ownership on the server is:
>>>>>>>>>
>>>>>>>>> drwxrwsr-x 2 root developers  4096 Sep  8 13:33 .
>>>>>>>>> drwxrwsr-x 5 root developers  4096 Sep  4 17:51 ..
>>>>>>>>> -rw-rw-r-- 1 root developers 34744 Apr  3 16:01 httpd.conf
>>>>>>>>>
>>>>>>>>> I am a member of the developers group. The directory and file have 
>>>>>>>>> write permission for the developers group. However the task fails 
>>>>>>>>> with this error message:
>>>>>>>>>
>>>>>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace 
>>>>>>>>> file: 
>>>>>>>>> /home/steinim/.ansible/tmp/ansible-tmp-1410176741.01-248154513611723/source
>>>>>>>>>  
>>>>>>>>> to /etc/httpd/conf/httpd.conf: [Errno 1] Operation not permitted: 
>>>>>>>>> '/etc/httpd/conf/.ansible_tmpZ7a3MQhttpd.conf'", "failed": true}
>>>>>>>>>
>>>>>>>>> Am I missing something, or should this work?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> - Stein Inge
>>>>>  
>>>>>
>>>>
>>>
>>
>>
>>
>> -- 
>> - Stein Inge
>>  
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c5dbd929-d508-4c01-9791-04a3ff4ba77b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
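
The failure discussed in this thread, as an added example (not Ansible's code and not part of any message above): a model of the Linux chown(2) permission rule, and an atomic file replace that only calls chown when ownership differs and reports when it could not be kept. The function names and the uid/gid numbers used with them are assumptions made for illustration.

```python
import errno
import os
import tempfile


def chown_allowed(euid, groups, file_uid, new_uid, new_gid):
    """Model of the Linux rule for chown(2) by a process without CAP_CHOWN."""
    if euid == 0:  # simplification: root stands in for CAP_CHOWN
        return True
    # Group write permission is irrelevant: only the file's owner may call
    # chown, and may only change the group, to one the owner belongs to.
    return euid == file_uid and new_uid == file_uid and new_gid in groups


def replace_preserving_owner(dest, data):
    """Replace dest atomically via a temp file in the same directory.

    Returns True if the new file has dest's old owner and group, False if
    chown was refused (EPERM) and the file now belongs to the caller.
    """
    old = os.stat(dest)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".", prefix=".tmp_")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        os.chmod(tmp, old.st_mode & 0o7777)
        new = os.stat(tmp)
        kept = (new.st_uid, new.st_gid) == (old.st_uid, old.st_gid)
        if not kept:  # only call chown when ownership actually differs
            try:
                os.chown(tmp, old.st_uid, old.st_gid)
                kept = True
            except OSError as exc:
                if exc.errno != errno.EPERM:
                    raise
        os.rename(tmp, dest)
        return kept
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
```

A False return means the replaced file is now owned by the deploying user rather than its previous owner, which a caller managing root-owned configuration should treat as a finding rather than ignore.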
