If you specify /tmp/.ansible/tmp as the remote_tmp, then you become responsible for ensuring that the correct users have permission to read, write, and search that directory. Ansible deals with permissions below that directory only.
There was a bug in the 2.5 branch (I believe fixed in the latest rc) where ansible was supposed to revert to the system temp directory when remote_user was unprivileged and become_user was also unprivileged. What version of ansible are you using? (ansible --version output). That might tell us if this is related to that bug. -Toshio On Mar 2, 2018 7:17 AM, "Mike Cavedon" <mpc...@gmail.com> wrote: Looks like /tmp/.ansible needs to be 777 On Friday, March 2, 2018 at 10:09:49 AM UTC-5, Mike Cavedon wrote: > > I changed remote_tmp to /tmp/.ansible/tmp for performance reasons. The > directory is created as follows: > > [tmp]$ ls -ld .ansible > drwx------ 3 ec2-user ec2-user 4096 Mar 2 09:47 .ansible > > When a different user attempts to write to the directory it fails: > > "Authentication or permission failure. In some cases, you may have been able > to authenticate and did not have permissions on the remote directory. > Consider changing the remote temp path in ansible.cfg to a path rooted in > \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo > /tmp/.ansible/tmp/ansible-tmp-1520002087.57-3211555543948 > > > Shouldn't /tmp/.ansible be created with 766 permission? Am I going to have to > chmod /tmp/.ansible in the playbook? > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/ msgid/ansible-project/129d8418-299a-47d4-a975-a4a98fc16d96%40googlegroups. com <https://groups.google.com/d/msgid/ansible-project/129d8418-299a-47d4-a975-a4a98fc16d96%40googlegroups.com?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPrnkaSZBMs_hNa0_S-4hwK%3DAvf%3DnOPaomop8%3DjWD624qHjMGQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
