[ansible-project] Issue with folder permissions with a playbook

Fri, 25 Jun 2021 08:31:03 -0700 

We have a bash script that creates some folders and puts some ACLs on them, 
and we're trying to do this with an Ansible playbook.  When we run the bash 
script, the group permission is rwx like we want, but when running the 
playbook, it is only rx.  Any ideas as to why?

Bash script:
function SecondLevelDirectory {
   echo "Setting up $SITEDIRECTORY/$1..."
   if [ ! -d "$SITEDIRECTORY/$1" ]; then
      mkdir -p $SITEDIRECTORY/$1
   fi
   # Clear out any current ACLs
   setfacl -b $SITEDIRECTORY/$1

   chmod 750 $SITEDIRECTORY/$1
   chmod g+s $SITEDIRECTORY/$1
   chown user1.$SITEGROUPID $SITEDIRECTORY/$1
}
SecondLevelDirectory Adaptation
chmod 770 $SITEDIRECTORY/Adaptation
chgrp $OSFGROUP $SITEDIRECTORY/Adaptation
setfacl -m g:$SUPPORTINGGROUP:rwx $SITEDIRECTORY/Adaptation
setfacl -m d:g:$SUPPORTINGGROUP:rwx $SITEDIRECTORY/Adaptation

Same thing via Ansible:

  - name: Create {{ item.site }} Adaptation Directory
    file:
      path: "/tmp/{{ sitedir }}/{{ item.site }}/Adaptation"
      state: directory
      mode: '02750'
      owner: user1
      group: "{{ item.osf }}"

  - name: Adjust ownership of {{ item.site }} Adaptation Directory
    file:
      path: "/tmp/{{ sitedir }}/{{ item.site }}/Adaptation"
      state: directory
      mode: '022770'
      owner: user1
      group: "{{ item.osf }}"

  - name: Clear out current ACLs on {{ item.site }} Adaptation Directory
    command: "/bin/setfacl -b /tmp/{{ sitedir }}/{{ item.site }}/Adaptation"

  - name: Set Supporting OSF ACL on {{ item.site }} Adaptation Directory
    acl:
      path: "/tmp/{{ sitedir }}/{{ item.site }}/Adaptation"
      entity: "{{ item.sosf }}"
      etype: group
      permissions: rwx
      state: present

  - name: Set Site Group ACL on {{ item.site }} Adaptation Directory
    acl:
      path: "/tmp/{{ sitedir }}/{{ item.site }}/Adaptation"
      entity: "{{ item.group }}"
      etype: group
      permissions: rx
      state: present

Thanks,
Harry

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c96ded21-05ae-4026-8c45-592a8f97c52en%40googlegroups.com.

Reply via email to