Can you please share what version of Ansible you are using? (ansible --version)
Thanks! On Wed, Nov 5, 2014 at 7:32 AM, Stein Inge Morisbak <[email protected]> wrote: > Hi! > > It took some time before i could look into this. Anyway, I think it has to > do with this issue: https://github.com/ansible/ansible/issues/7372 > > The template-module always does `chown`, and that will not work when > running as a non-root user when the files are owned by root even if the > group has write permission. > > - Stein Inge > > kl. 14:35:36 UTC+2 onsdag 10. september 2014 skrev Michael DeHaan følgende: >> >> Yeah, please let us know. >> >> One point of clarification - I think you may possibly be confusing >> SELinux and ACLs, which are different things. >> >> ACLs do not come from SELinux, they are managed by setfacl/etc. >> >> (There's also a handy acl module in Ansible!) >> >> >> >> >> On Wed, Sep 10, 2014 at 7:32 AM, Stein Inge Morisbak <[email protected]> >> wrote: >> >>> Sorry about the tarball. It won't happen again. >>> >>> After some further investigation it seems that it might have something >>> to do with SELinux ACL after all. The httpd directory in /etc/httpd/conf >>> has a dot after its access list (drwxr-xr-x.). I don't know if this is the >>> problem yet, but I will do some further investigations. Thanks for >>> mentioning SELinux. >>> >>> I will keep you posted. >>> >>> 2014-09-10 12:26 GMT+02:00 Abubakr-Sadik Nii Nai Davis <[email protected] >>> >: >>> >>>> Well noted. >>>> >>>> On Tuesday, September 9, 2014 7:13:49 PM UTC, Michael DeHaan wrote: >>>>> >>>>> As a general rule, I don't crack open tarballs attached to the list - >>>>> and I would request that since there are thousands of users on this list >>>>> we >>>>> don't start using it for attachments. >>>>> >>>>> (I'm not sure I can turn it off). >>>>> >>>>> A gist or github repo would be welcome, or even pastebin for smaller >>>>> things. >>>>> >>>>> In many cases, it can just be shown inline. >>>>> >>>>> >>>>> >>>>> On Tue, Sep 9, 2014 at 12:21 PM, Stein Inge Morisbak <[email protected] >>>>> > wrote: >>>>> >>>>>> I have attached the whole shebang to reproduce it. >>>>>> >>>>>> Requirements is: >>>>>> - the same username on the server set up with an authorized key and >>>>>> belonging to a group. >>>>>> - A file: /etc/httpd/conf/httpd.conf owned by a different user, but >>>>>> writable for the group the first user belongs to. >>>>>> >>>>>> >>>>>> >>>>>> 2014-09-09 17:45 GMT+02:00 Michael DeHaan <[email protected]>: >>>>>> >>>>>>> Can you show more of the playbook in context? >>>>>>> >>>>>>> I'm missing task names and such and wanted to be clear about >>>>>>> something. >>>>>>> >>>>>>> I may have some other questions after that. >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Mon, Sep 8, 2014 at 5:51 PM, Stein Inge Morisbak < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Yup. It is non-sudo and non-root. >>>>>>>> >>>>>>>> $ ansible --version >>>>>>>> ansible 1.7.1 >>>>>>>> >>>>>>>> stanza: >>>>>>>> --- >>>>>>>> - hosts: myservers >>>>>>>> roles: >>>>>>>> - httpd >>>>>>>> remote_user: "{{ lookup('env','USER') }}" >>>>>>>> gather_facts: False >>>>>>>> sudo: False >>>>>>>> >>>>>>>> $ ansible-playbook -i test myservers.yml >>>>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace >>>>>>>> file: >>>>>>>> /home/steinim/.ansible/tmp/ansible-tmp-1410212872.62-18948176608778/source >>>>>>>> to /etc/httpd/conf/httpd.conf: [Errno 1] Operation not permitted: >>>>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf'", "failed": true} >>>>>>>> Exception OSError: (2, 'No such file or directory', >>>>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf') in <bound method >>>>>>>> _TemporaryFileWrapper.__del__ of <closed file '<fdopen>', mode 'w+b' at >>>>>>>> 0x1e946f0>> ignored >>>>>>>> >>>>>>>> Since I am in the group developers and have write access to the >>>>>>>> file and directory I would expect that I can overwrite the file. >>>>>>>> >>>>>>>> >>>>>>>> kl. 23:36:02 UTC+2 mandag 8. september 2014 skrev Michael DeHaan >>>>>>>> følgende: >>>>>>>>> >>>>>>>>> Can you please share the ansible --version as well as the command >>>>>>>>> line invocation you are using and the stanza of your playbook? >>>>>>>>> >>>>>>>>> Sounds like you are doing something non-sudo most likely, or non >>>>>>>>> root, that doesn't have enough permissions. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, Sep 8, 2014 at 7:50 AM, Stein Inge Morisbak < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> I am trying to run the following task: >>>>>>>>>> >>>>>>>>>> - name: copy httpd.conf to /etc/httpd/conf folder >>>>>>>>>> copy: src=httpd.conf dest="/etc/httpd/conf" >>>>>>>>>> >>>>>>>>>> Ownership on the server is: >>>>>>>>>> >>>>>>>>>> drwxrwsr-x 2 root developers 4096 Sep 8 13:33 . >>>>>>>>>> drwxrwsr-x 5 root developers 4096 Sep 4 17:51 .. >>>>>>>>>> -rw-rw-r-- 1 root developers 34744 Apr 3 16:01 httpd.conf >>>>>>>>>> >>>>>>>>>> I am a member of the developers group. The directory and file has >>>>>>>>>> write permission for the developers group. However the task fails >>>>>>>>>> with this >>>>>>>>>> error message: >>>>>>>>>> >>>>>>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace >>>>>>>>>> file: /home/steinim/.ansible/tmp/ansible-tmp-1410176741.01- >>>>>>>>>> 248154513611723/source to /etc/httpd/conf/httpd.conf: [Errno 1] >>>>>>>>>> Operation not permitted: >>>>>>>>>> '/etc/httpd/conf/.ansible_tmpZ7a3MQhttpd.conf'", >>>>>>>>>> "failed": true} >>>>>>>>>> >>>>>>>>>> Am I missing something, or should this work? >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "Ansible Project" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/90f29162-3 >>>>>>>>>> cd1-4783-a3ca-ada6c1fd5604%40googlegroups.com >>>>>>>>>> <https://groups.google.com/d/msgid/ansible-project/90f29162-3cd1-4783-a3ca-ada6c1fd5604%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>>> . >>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "Ansible Project" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> To post to this group, send email to [email protected]. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/d/msgid/ansible-project/7d4c1995- >>>>>>>> 1eb9-4baa-9940-a5b98fc960da%40googlegroups.com >>>>>>>> <https://groups.google.com/d/msgid/ansible-project/7d4c1995-1eb9-4baa-9940-a5b98fc960da%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to a topic in >>>>>>> the Google Groups "Ansible Project" group. >>>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/to >>>>>>> pic/ansible-project/e7OIdscZXMo/unsubscribe. >>>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>>> [email protected]. >>>>>>> To post to this group, send email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgw >>>>>>> krstcxsQ9OTr_OnKFor02OiUsEOJJrdHdZR%3DsM4tf4g%40mail.gmail.com >>>>>>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwkrstcxsQ9OTr_OnKFor02OiUsEOJJrdHdZR%3DsM4tf4g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> - Stein Inge >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Ansible Project" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/ansible-project/CAJJkzbazsnJ-xt4rXvwW0h2pUMnyoQzaHputu4_ >>>>>> hYFK_yMcWYQ%40mail.gmail.com >>>>>> <https://groups.google.com/d/msgid/ansible-project/CAJJkzbazsnJ-xt4rXvwW0h2pUMnyoQzaHputu4_hYFK_yMcWYQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "Ansible Project" group. >>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>> topic/ansible-project/e7OIdscZXMo/unsubscribe. >>>> To unsubscribe from this group and all its topics, send an email to >>>> [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/7a2ebd43-1678-4e9e-9884- >>>> 489862c30c10%40googlegroups.com >>>> <https://groups.google.com/d/msgid/ansible-project/7a2ebd43-1678-4e9e-9884-489862c30c10%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> >>> -- >>> - Stein Inge >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/ansible-project/CAJJkzbbJdSt7s%2BDcqqwaqZzJjRzzSxXVo%2BLWc% >>> 2BfvdEW%3Di%2BpG4w%40mail.gmail.com >>> <https://groups.google.com/d/msgid/ansible-project/CAJJkzbbJdSt7s%2BDcqqwaqZzJjRzzSxXVo%2BLWc%2BfvdEW%3Di%2BpG4w%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/c5dbd929-d508-4c01-9791-04a3ff4ba77b%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/c5dbd929-d508-4c01-9791-04a3ff4ba77b%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwfwv7BK1FU0XR%2BP5%3DneJpHV2Hf47L_y2u_JC4U5Mub8w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
