>From earlier on the thread 1.7.1 And yes, there have been some fixes to the devel branch related to owner and group since 1.7.1 that might be the cause of this. In addition to the two you've linked to, Stein, I believe there's a third where specifying the file name rather than the directory as the destination was a work around.
If you can checkout the development branch from git to test, that would confirm whether we've already fixed this for the next version or not. Some of those fixes may also have been pulled into the 1.7.2 release - the timing is right but I don't recall whether they were added to that release or are waiting on 1.8. -Toshio On Nov 5, 2014 6:31 AM, "Michael DeHaan" <[email protected]> wrote: > Can you please share what version of Ansible you are using? > > (ansible --version) > > Thanks! > > > > On Wed, Nov 5, 2014 at 7:32 AM, Stein Inge Morisbak <[email protected]> > wrote: > >> Hi! >> >> It took some time before i could look into this. Anyway, I think it has >> to do with this issue: https://github.com/ansible/ansible/issues/7372 >> >> The template-module always does `chown`, and that will not work when >> running as a non-root user when the files are owned by root even if the >> group has write permission. >> >> - Stein Inge >> >> kl. 14:35:36 UTC+2 onsdag 10. september 2014 skrev Michael DeHaan >> følgende: >>> >>> Yeah, please let us know. >>> >>> One point of clarification - I think you may possibly be confusing >>> SELinux and ACLs, which are different things. >>> >>> ACLs do not come from SELinux, they are managed by setfacl/etc. >>> >>> (There's also a handy acl module in Ansible!) >>> >>> >>> >>> >>> On Wed, Sep 10, 2014 at 7:32 AM, Stein Inge Morisbak <[email protected]> >>> wrote: >>> >>>> Sorry about the tarball. It won't happen again. >>>> >>>> After some further investigation it seems that it might have something >>>> to do with SELinux ACL after all. The httpd directory in /etc/httpd/conf >>>> has a dot after its access list (drwxr-xr-x.). I don't know if this is the >>>> problem yet, but I will do some further investigations. Thanks for >>>> mentioning SELinux. >>>> >>>> I will keep you posted. >>>> >>>> 2014-09-10 12:26 GMT+02:00 Abubakr-Sadik Nii Nai Davis < >>>> [email protected]>: >>>> >>>>> Well noted. >>>>> >>>>> On Tuesday, September 9, 2014 7:13:49 PM UTC, Michael DeHaan wrote: >>>>>> >>>>>> As a general rule, I don't crack open tarballs attached to the list - >>>>>> and I would request that since there are thousands of users on this list >>>>>> we >>>>>> don't start using it for attachments. >>>>>> >>>>>> (I'm not sure I can turn it off). >>>>>> >>>>>> A gist or github repo would be welcome, or even pastebin for smaller >>>>>> things. >>>>>> >>>>>> In many cases, it can just be shown inline. >>>>>> >>>>>> >>>>>> >>>>>> On Tue, Sep 9, 2014 at 12:21 PM, Stein Inge Morisbak < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> I have attached the whole shebang to reproduce it. >>>>>>> >>>>>>> Requirements is: >>>>>>> - the same username on the server set up with an authorized key and >>>>>>> belonging to a group. >>>>>>> - A file: /etc/httpd/conf/httpd.conf owned by a different user, but >>>>>>> writable for the group the first user belongs to. >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2014-09-09 17:45 GMT+02:00 Michael DeHaan <[email protected]>: >>>>>>> >>>>>>>> Can you show more of the playbook in context? >>>>>>>> >>>>>>>> I'm missing task names and such and wanted to be clear about >>>>>>>> something. >>>>>>>> >>>>>>>> I may have some other questions after that. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Mon, Sep 8, 2014 at 5:51 PM, Stein Inge Morisbak < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Yup. It is non-sudo and non-root. >>>>>>>>> >>>>>>>>> $ ansible --version >>>>>>>>> ansible 1.7.1 >>>>>>>>> >>>>>>>>> stanza: >>>>>>>>> --- >>>>>>>>> - hosts: myservers >>>>>>>>> roles: >>>>>>>>> - httpd >>>>>>>>> remote_user: "{{ lookup('env','USER') }}" >>>>>>>>> gather_facts: False >>>>>>>>> sudo: False >>>>>>>>> >>>>>>>>> $ ansible-playbook -i test myservers.yml >>>>>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace >>>>>>>>> file: >>>>>>>>> /home/steinim/.ansible/tmp/ansible-tmp-1410212872.62-18948176608778/source >>>>>>>>> to /etc/httpd/conf/httpd.conf: [Errno 1] Operation not permitted: >>>>>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf'", "failed": true} >>>>>>>>> Exception OSError: (2, 'No such file or directory', >>>>>>>>> '/etc/httpd/conf/.ansible_tmpy33qxVhttpd.conf') in <bound method >>>>>>>>> _TemporaryFileWrapper.__del__ of <closed file '<fdopen>', mode 'w+b' >>>>>>>>> at >>>>>>>>> 0x1e946f0>> ignored >>>>>>>>> >>>>>>>>> Since I am in the group developers and have write access to the >>>>>>>>> file and directory I would expect that I can overwrite the file. >>>>>>>>> >>>>>>>>> >>>>>>>>> kl. 23:36:02 UTC+2 mandag 8. september 2014 skrev Michael DeHaan >>>>>>>>> følgende: >>>>>>>>>> >>>>>>>>>> Can you please share the ansible --version as well as the command >>>>>>>>>> line invocation you are using and the stanza of your playbook? >>>>>>>>>> >>>>>>>>>> Sounds like you are doing something non-sudo most likely, or non >>>>>>>>>> root, that doesn't have enough permissions. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, Sep 8, 2014 at 7:50 AM, Stein Inge Morisbak < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> I am trying to run the following task: >>>>>>>>>>> >>>>>>>>>>> - name: copy httpd.conf to /etc/httpd/conf folder >>>>>>>>>>> copy: src=httpd.conf dest="/etc/httpd/conf" >>>>>>>>>>> >>>>>>>>>>> Ownership on the server is: >>>>>>>>>>> >>>>>>>>>>> drwxrwsr-x 2 root developers 4096 Sep 8 13:33 . >>>>>>>>>>> drwxrwsr-x 5 root developers 4096 Sep 4 17:51 .. >>>>>>>>>>> -rw-rw-r-- 1 root developers 34744 Apr 3 16:01 httpd.conf >>>>>>>>>>> >>>>>>>>>>> I am a member of the developers group. The directory and file >>>>>>>>>>> has write permission for the developers group. However the task >>>>>>>>>>> fails with >>>>>>>>>>> this error message: >>>>>>>>>>> >>>>>>>>>>> fatal: [my-box] => failed to parse: {"msg": "Could not replace >>>>>>>>>>> file: /home/steinim/.ansible/tmp/ansible-tmp-1410176741.01- >>>>>>>>>>> 248154513611723/source to /etc/httpd/conf/httpd.conf: [Errno 1] >>>>>>>>>>> Operation not permitted: >>>>>>>>>>> '/etc/httpd/conf/.ansible_tmpZ7a3MQhttpd.conf'", >>>>>>>>>>> "failed": true} >>>>>>>>>>> >>>>>>>>>>> Am I missing something, or should this work? >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "Ansible Project" group. >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>> To post to this group, send email to [email protected] >>>>>>>>>>> . >>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/90f29162-3 >>>>>>>>>>> cd1-4783-a3ca-ada6c1fd5604%40googlegroups.com >>>>>>>>>>> <https://groups.google.com/d/msgid/ansible-project/90f29162-3cd1-4783-a3ca-ada6c1fd5604%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>>>> . >>>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "Ansible Project" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/ansible-project/7d4c1995- >>>>>>>>> 1eb9-4baa-9940-a5b98fc960da%40googlegroups.com >>>>>>>>> <https://groups.google.com/d/msgid/ansible-project/7d4c1995-1eb9-4baa-9940-a5b98fc960da%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to a topic in >>>>>>>> the Google Groups "Ansible Project" group. >>>>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>>>>> topic/ansible-project/e7OIdscZXMo/unsubscribe. >>>>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>>>> [email protected]. >>>>>>>> To post to this group, send email to [email protected]. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgw >>>>>>>> krstcxsQ9OTr_OnKFor02OiUsEOJJrdHdZR%3DsM4tf4g%40mail.gmail.com >>>>>>>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwkrstcxsQ9OTr_OnKFor02OiUsEOJJrdHdZR%3DsM4tf4g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> - Stein Inge >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Ansible Project" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To post to this group, send email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/ansible-project/CAJJkzbazsnJ- >>>>>>> xt4rXvwW0h2pUMnyoQzaHputu4_hYFK_yMcWYQ%40mail.gmail.com >>>>>>> <https://groups.google.com/d/msgid/ansible-project/CAJJkzbazsnJ-xt4rXvwW0h2pUMnyoQzaHputu4_hYFK_yMcWYQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to a topic in the >>>>> Google Groups "Ansible Project" group. >>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>> topic/ansible-project/e7OIdscZXMo/unsubscribe. >>>>> To unsubscribe from this group and all its topics, send an email to >>>>> [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>> msgid/ansible-project/7a2ebd43-1678-4e9e-9884- >>>>> 489862c30c10%40googlegroups.com >>>>> <https://groups.google.com/d/msgid/ansible-project/7a2ebd43-1678-4e9e-9884-489862c30c10%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> >>>> >>>> -- >>>> - Stein Inge >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/CAJJkzbbJdSt7s%2BDcqqwaqZzJjRzzSxXVo%2BLWc% >>>> 2BfvdEW%3Di%2BpG4w%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/ansible-project/CAJJkzbbJdSt7s%2BDcqqwaqZzJjRzzSxXVo%2BLWc%2BfvdEW%3Di%2BpG4w%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/c5dbd929-d508-4c01-9791-04a3ff4ba77b%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/c5dbd929-d508-4c01-9791-04a3ff4ba77b%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwfwv7BK1FU0XR%2BP5%3DneJpHV2Hf47L_y2u_JC4U5Mub8w%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwfwv7BK1FU0XR%2BP5%3DneJpHV2Hf47L_y2u_JC4U5Mub8w%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAG9juEq4QWcvCqTCFFxO%3D1Vvp_1FdMmOw5Ob73NRQkZSZJLYPQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
