Hi, I want to use the block and rescue format. I want to check the file permissions before changing them.
On Thursday, December 31, 2020 at 3:54:24 PM UTC-5 Michael M wrote:
> Hi Thuan,
>
> I'm not sure why you are just trying to assert the permissions rather than
> enforce them, but why not enforce them with something like:
>
> - name: Change permissions recursively
>   hosts: all
>   gather_facts: False
>   ignore_errors: True
>
>   vars:
>     path: <put your path here>
>     modes:
>       d: '2755'
>       f: '0640'
>
>   tasks:
>     - name: Change permissions
>       # -print lists each path right before chmod runs on it, so stdout is empty
>       # exactly when nothing needed changing (without it changed_when never fires)
>       command: find "{{ path }}" -type "{{ item.key }}" ! -perm "{{ item.value }}" -print -exec chmod -f "{{ item.value }}" {} \;
>       with_dict: "{{ modes }}"
>       register: result
>       changed_when: result.stdout != ""
>
>
> On Thu, Dec 31, 2020 at 10:43 AM Thuan <thuan...@gmail.com> wrote:
>
>> Hi all,
>>
>> My playbook is working for single files but not for directories.
>> It doesn't check the folders' permissions recursively.
>>
>> ============================================================
>>
>> - name: Ensure system directories are own by root group.
>>   block:
>>     - name: Verify the command directories are exists.
>>       become: true
>>       stat:
>>         path: "{{ item }}"
>>       loop:
>>         - /bin/
>>         - /sbin/
>>         - /usr/bin/
>>         - /usr/sbin/
>>         - /usr/local/bin
>>         - /usr/local/sbin
>>       register: command_directories
>>
>>     - name: Verify the ownership of command directories are belong to root.
>>       # pairs each path with the group name that stat returned for it
>>       loop: "{{ command_directories.results | map(attribute='item') | zip(command_directories.results | map(attribute='stat.gr_name')) | list }}"
>>       assert:
>>         that: item.1 == 'root'
>>       loop_control:
>>         label: "{{ item.0 }}"
>>
>>     - set_fact:
>>         stig_text: "PASSED"
>>
>>   rescue:
>>     - name: configure the command directories ownership to root and create if it doesn't exist.
>>       become: true
>>       file:
>>         path: "{{ item.item }}"
>>         group: root
>>         # state must be 'directory' here: 'touch' would create a regular file,
>>         # and recurse is only valid together with state=directory
>>         state: directory
>>         recurse: yes
>>       loop: "{{ command_directories.results }}"
>>       register: file_perms_rule
>>
>>     - set_fact:
>>         stig_text: "PASSED"
>>       when: file_perms_rule.changed
>>
>> ==================================================================
>>
>> TASK [Verify the ownership of command directories are belong to root.] ***************************************
>> [WARNING]: The loop variable 'item' is already in use. You should set the `loop_var` value in the
>> `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior.
>> ok: [localhost] => (item=/bin/) => {
>>     "ansible_loop_var": "item",
>>     "changed": false,
>>     "item": [
>>         "/bin/",
>>         "root"
>>     ],
>>     "msg": "All assertions passed"
>> }
>> ok: [localhost] => (item=/sbin/) => {
>>     "ansible_loop_var": "item",
>>     "changed": false,
>>     "item": [
>>         "/sbin/",
>>         "root"
>>     ],
>>     "msg": "All assertions passed"
>> }
>> ok: [localhost] => (item=/usr/bin/) => {
>>     "ansible_loop_var": "item",
>>     "changed": false,
>>     "item": [
>>         "/usr/bin/",
>>         "root"
>>     ],
>>     "msg": "All assertions passed"
>> }
>> ok: [localhost] => (item=/usr/sbin/) => {
>>     "ansible_loop_var": "item",
>>     "changed": false,
>>     "item": [
>>         "/usr/sbin/",
>>         "root"
>>     ],
>>     "msg": "All assertions passed"
>> }
>> ok: [localhost] => (item=/usr/local/bin) => {
>>     "ansible_loop_var": "item",
>>     "changed": false,
>>     "item": [
>>         "/usr/local/bin",
>>         "root"
>>     ],
>>     "msg": "All assertions passed"
>> }
>> ok: [localhost] => (item=/usr/local/sbin) => {
>>     "ansible_loop_var": "item",
>>     "changed": false,
>>     "item": [
>>         "/usr/local/sbin",
>>         "root"
>>     ],
>>     "msg": "All assertions passed"
>> }
>>
>> --
>> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/3736ce06-1bf1-4cfe-a2fb-042619b8497en%40googlegroups.com
>

--
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b9ad63b9-6e88-4f24-a49b-500f103fcf7dn%40googlegroups.com.
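The check-then-fix flow asked for in this thread, written out as an added example (this is not code from either poster). The original playbook fails for directories because stat only reports on the directory entry itself, so a recursive check has to walk the tree; here find does that and the assert fails on any entry that is not group-owned by root or is group/world writable, which is the condition that actually matters for a command directory. Nothing is changed unless the assert fails, and remediation happens only in rescue. It assumes GNU find and chmod on the managed host (for -perm /mode and chmod -c) and reuses the directory list from the original post; the variable and task names are the example's own.

```yaml
# Added example, not from the thread. Checks the command directories
# recursively (the stat module only looks at the directory entry itself)
# and changes anything only in the rescue branch, after the check fails.
# Assumes GNU find and GNU chmod (-perm /mode and chmod -c) on the host.
- name: Command directories are group-owned by root and not group/world writable
  hosts: all
  become: true
  vars:
    command_directories:
      - /bin
      - /sbin
      - /usr/bin
      - /usr/sbin
      - /usr/local/bin
      - /usr/local/sbin
  tasks:
    - name: Check first, change only if the check fails
      block:
        - name: List entries whose group is not root or that are group/world writable
          # -xdev stays on one filesystem; -perm /022 matches if either write bit is set.
          # find prints nothing and exits 0 when the tree is clean; a missing
          # directory makes it exit non-zero, which the assert below also catches.
          command: 'find {{ item }} -xdev \( ! -group root -o -perm /022 \)'
          loop: "{{ command_directories }}"
          register: dir_check
          changed_when: false
          failed_when: false

        - name: Assert that every tree is clean
          assert:
            that:
              - item.rc == 0
              - item.stdout == ""
            fail_msg: "{{ item.item }}: rc={{ item.rc }}, offending entries: {{ item.stdout_lines }}"
            quiet: true
          loop: "{{ dir_check.results }}"
          loop_control:
            label: "{{ item.item }}"

        - name: Record the result
          set_fact:
            stig_text: PASSED

      rescue:
        - name: Create missing directories and set the group to root recursively
          file:
            path: "{{ item }}"
            state: directory
            group: root
            recurse: true
          loop: "{{ command_directories }}"
          register: group_fix

        - name: Remove group and world write bits without touching other bits
          # Symbolic mode keeps setuid/setgid and execute bits as they are;
          # chmod -c prints only the paths it actually changed.
          command: "chmod -R -c go-w {{ item }}"
          loop: "{{ command_directories }}"
          register: perm_fix
          changed_when: perm_fix.stdout != ""

        - name: Record the result after remediation
          set_fact:
            stig_text: "{{ 'FIXED' if (group_fix.changed or perm_fix.changed) else 'FAILED' }}"
```

Run it with --check first: the find task is read-only, so check mode shows the assert outcome without entering rescue, and the fail_msg lists exactly which paths would be touched. The mode fix deliberately uses a symbolic chmod rather than the file module's recursive mode, because a single numeric mode applied to a whole tree would overwrite the setuid/setgid bits that some binaries under these directories rely on.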