Ansible - find and set permissions, including sticky bit

Using Ansible 2.1.4.0

Is it possible to set the sticky bit and folder permissions in 1 task?

Example;

# Shell is used over find module cause symlink breaks and performance

- name: Find directories in /tmp which are not valid
  shell: find
    /tmp/test -type d
    \( ! -user root -o ! -group root -o ! -perm 775 \)
  register: find1

- name: Set 775 for found directories
  file:
    path: "{{ item }}"
    owner: root
    group: vagrant
    mode: 0775
    state: directory
  with_items: "{{ findPermission1.stdout_lines | default([]) }}"


- name: Find directories in /tmp which have no sticky bit
  shell: find
    /tmp/test -type d
    \! -perm /1000
  changed_when: false
  register: find2

- name: Set permissions for found directories
  file:
    path: "{{ item }}"
    owner: root
    group: vagrant
    mode: g+s
    state: directory
    recurse: no #cause it already found recurse
  with_items: "{{ find.stdout_lines | default([]) }}"

Right now, I must have 2 different tasks to set the permissions. But they overwrite each other.

Goal: set the permission to 775 and g+s in one task.


Solution 1:

Found it, one can use the official file module.

- name: Set sticky bit + 775 for directory
  file:
    path: /tmp/test
    owner: root
    group: vagrant
    mode: u=rwx,g=rwx,o=rx,g+s
    # mode: '02775' # also works
    # mode: ug=rwx,o=rx,g+s # also works
    state: directory

Solution 2:

Goal: set the permission to 775 and g+s in one task.

- name: Set permissions for found directories
  file:
    path: "{{ item }}"
    owner: root
    group: vagrant
    mode: 02775
    state: directory
    recurse: no #cause it already found recurse
  with_items: ____

But I don't understand why you were checking for SUID (-perm /1000) and setting SGID (g+s) in the code. Neither I know what is the value of find, because you registered find1 and find2, but not find.

I also don't see a need to specify conditions for find, because Ansible module is idempotent/declarative and you want all directories to have the same permissions, so you can rely on Ansible.