Ansible - find and set permissions, including sticky bit
Using Ansible 2.1.4.0
Is it possible to set the sticky bit and folder permissions in 1 task?
Example:
```yaml
# Shell is used over find module cause symlink breaks and performance
- name: Find directories in /tmp which are not valid
  shell: find
    /tmp/test -type d
    \( ! -user root -o ! -group root -o ! -perm 775 \)
  register: find1

- name: Set 775 for found directories
  file:
    path: "{{ item }}"
    owner: root
    group: vagrant
    mode: 0775
    state: directory
  with_items: "{{ findPermission1.stdout_lines | default([]) }}"

- name: Find directories in /tmp which have no sticky bit
  shell: find
    /tmp/test -type d
    \! -perm /1000
  changed_when: false
  register: find2

- name: Set permissions for found directories
  file:
    path: "{{ item }}"
    owner: root
    group: vagrant
    mode: g+s
    state: directory
    recurse: no #cause it already found recurse
  with_items: "{{ find.stdout_lines | default([]) }}"
```
Right now, I must have 2 different tasks to set the permissions. But they overwrite each other.
Goal: set the permission to 775 and g+s in one task.
Solution 1:
Found it, one can use the official file module.
```yaml
- name: Set sticky bit + 775 for directory
  file:
    path: /tmp/test
    owner: root
    group: vagrant
    mode: u=rwx,g=rwx,o=rx,g+s
    # mode: '02775' # also works
    # mode: ug=rwx,o=rx,g+s # also works
    state: directory
```
Solution 2:
Goal: set the permission to 775 and g+s in one task.
```yaml
- name: Set permissions for found directories
  file:
    path: "{{ item }}"
    owner: root
    group: vagrant
    mode: 02775
    state: directory
    recurse: no #cause it already found recurse
  with_items: ____
```
But I don't understand why you were checking for SUID (`-perm /1000`) and setting SGID (`g+s`) in the code. Nor do I know what the value of `find` is, because you registered `find1` and `find2`, but not `find`.
I also don't see a need to specify conditions for find, because the Ansible module is idempotent/declarative and you want all directories to have the same permissions, so you can rely on Ansible.
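
Added example, not part of the question or either answer: a shell check of which special bit each `find -perm /MASK` test and each numeric mode from the thread actually touches, and why a check on one bit paired with a fix on another keeps reporting the same directories. It assumes GNU find; the scratch tree, its directory names, the helper function names and the `3775` mode are constructed for illustration.

```shell
#!/bin/sh
# Added example on a constructed scratch tree; assumes GNU find (-perm /MODE, -printf).
# Special bits: 4000 = setuid (u+s), 2000 = setgid (g+s), 1000 = sticky (+t).

# Create one directory per case and print the scratch root.
make_tree() {
    root=$(mktemp -d) || return 1
    chmod g-s "$root"                      # keep children from inheriting setgid
    mkdir "$root/plain" "$root/sticky" "$root/setgid"
    chmod 0775 "$root/plain"
    chmod 1775 "$root/sticky"
    chmod 2775 "$root/setgid"
    printf '%s\n' "$root"
}

# Names of directories under $1 that have none of the bits in octal mask $2.
missing_bit() {
    find "$1" -mindepth 1 -type d ! -perm "/$2" -printf '%f\n' | sort | xargs
}

# chmod every directory under $1 to numeric mode $2; print the distinct resulting modes.
apply_mode() {
    find "$1" -mindepth 1 -type d -exec chmod "$2" {} +
    find "$1" -mindepth 1 -type d -printf '%m\n' | sort -u | xargs
}

t=$(make_tree)
echo "lacking sticky (1000): $(missing_bit "$t" 1000)"   # plain setgid
echo "lacking setgid (2000): $(missing_bit "$t" 2000)"   # plain sticky
echo "modes after 2775:      $(apply_mode "$t" 2775)"    # 2775
# A check for 1000 paired with a fix that sets 2000 never converges:
echo "lacking sticky (1000): $(missing_bit "$t" 1000)"   # plain setgid sticky
echo "modes after 3775:      $(apply_mode "$t" 3775)"    # 3775 (setgid + sticky)
echo "lacking sticky (1000): $(missing_bit "$t" 1000)"   # (none)
rm -rf "$t"
```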