[ansible-project] Re: win_acl and remote fileshares

[Jordan Borean]

Sorry I misread what you said and thought you meant you didn't think become 
mattered here but I see your problem. You've set the become vars as a 
module option to win_acl, the directives should be on the same indentation 
as win_acl itself. Unfortunately not all Windows modules currently validate 
that the options you've specified are actually supported, they are just 
silently ignored but hopefully over time more of them use the newer 
framework that does do that validation. In short your task should look like

- name: Define RW permissions on new share.
  win_acl:
    path: "{{ prd_shr_path }}"
    rights: Modify
    type: allow
    user: 'DOMAIN\{{ h_dl_prefix }}{{ u_name }}{{ suffix_RW }}'
    inherit: containerinherit, objectinherit
  become: yes
  become_method: runas
  vars:
    ansible_become_user: '{{ ansible_user }}'
    ansible_become_pass: '{{ ansible_password }}'

I've made a slight tweak to specify the user and password in the vars 
section. My reasons for this are

   - You need to specify the password or else you will have the same 
   problem as WinRM where you become the user but with no password available, 
   there is no task directive for 'become_pass' and it needs to be set in a 
   variable
   - Setting a var has a higher precedence than a task directive, so if 
   you've set 'become_user: some user' on your task but have set 
   'ansible_become_user: other user' in your host/group vars for that host, 
   'other user' is used. Setting it on the vars section of a task is pretty 
   high up there on variable precedence with only a few things being higher 
   (vars specified by -e is one of them)
   - I've also said to just become the connection user using the existing 
   connection variables. This makes things host agnostic and just ensures that 
   the process runs as the same connection user but has it's credentials 
   available for delegation
   

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e6498220-ca32-446d-b46b-66d025f68f71%40googlegroups.com.