[ansible-project] win_acl and remote fileshares

[Jesse Lyon]

win_acl and remote fileshares

https://docs.ansible.com/ansible/latest/modules/win_acl_module.html#win-acl-module

Using the WIN_ACL module, is it possible to manage file system permissions 
on a remote UNC path?

Making the assumption that it is, so long as your user has permissions to 
do that operation I'm having consistent issues with Access is denied errors 
while trying to perform the following.
    prd_svm_fix: '\\{{prd_vserver}}.domain.net'
    prd_shr_path: '{{prd_svm_fix}}\{{vol_junction}}\{{obj_name}}'




##PERMISSIONS NONSENSE
  - name: Define RW permissions on new share.
    win_acl:
      path: "{{ prd_shr_path }}"
      rights: Modify
      type: allow
      user: 'DOMAIN\{{ h_dl_prefix }}{{ u_name }}{{ suffix_RW }}'
      inherit: containerinherit, objectinherit
      become: yes
      become_method: runas
      become_user: "sa_ansi...@domain.net"



I'm made the attempt to not "Become" the service account listed, or do it 
natively through the user I'm connecting to my windows host as, but I'm 
having a hell of a time finding out precisely where I'm being waived off 
with this error.




The full traceback is:
Access is denied
At line:106 char:11
+ If (-Not (Test-Path -LiteralPath $path)) {
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (\\NAS.DOMAIN.net\Apps\toast
:String) [Test-Path], UnauthorizedAccessException
    + FullyQualifiedErrorId : ItemExistsUnauthorizedAccessError,Microsoft.
PowerShell.Commands.TestPathCommand


ScriptStackTrace:
at <ScriptBlock>, <No file>: line 106


System.UnauthorizedAccessException: Access is denied ---> System.
ComponentModel.Win32Exception: Access is denied
   --- End of inner exception stack trace ---
   at Microsoft.PowerShell.Commands.FileSystemProvider.ItemExists(String 
path, ErrorRecord& error)
fatal: [system.DOMAIN.net]: FAILED! => {
    "changed": false,
    "msg": "Unhandled exception while executing module: Access is denied"



the UNC path I'm trying to change is not a windows file server, but instead 
a NetApp hosting the shares, this step is imediately after the vol/share is 
create and the ACL's are flapping in the breeze wide open "Everyone: Full 
Control" so I don't imagine it a filesystem "access is denied" issue.

Any help/thoughts would be appreciated.
Thanks!
Jess

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/4debe73e-533b-4088-87b5-94092e3a7bca%40googlegroups.com.