ansible facts on hardened servers etc 0711

In a shared-hosting environment it is important to give out as little info as possible to the users. For this purpose, permissions on most folders under / = 0711. With /etc 0755, I can pull ansible facts, however with 0711 I get ‘NA’. Under root user there is no issue, but configuration of sshd does not allow me to log in as root. Sure, I could use ‘-b’ and resolve the issue, but that’s a workaround and not a fix. With 0711 a user cannot list directory contents but if the path to a file is known, content can be read.

How does ansible figure out what distro/version is running? From what I see under /usr/lib/python2.6/site-packages/ansible/, platform.linux_distribution is being used? Strace for that function shows that it tries to list the contents of /etc?

user $ strace python -c 'import platform; print(platform.linux_distribution())'
[…]
open("/etc", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 EACCES (Permission denied)
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 12), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f11acbad000
write(1, "('', '', '')\n", 13('', '', '')

Thank you

rooti# ansible pxe1 -m setup -a "filter=ansible_distribution*" -u user_that_has_sudo_privileges
pxe1 | SUCCESS => {
    "ansible_facts": {
        "ansible_distribution": "CentOS",
        "ansible_distribution_file_parsed": true,
        "ansible_distribution_file_path": "/etc/redhat-release",
        "ansible_distribution_file_variety": "RedHat",
        "ansible_distribution_major_version": "6",
        "ansible_distribution_release": "Final",
        "ansible_distribution_version": "6.9"
    },
    "changed": false,
    "failed": false
}

/etc 0711:

pxe1 | SUCCESS => {
    "ansible_facts": {
        "ansible_distribution": "CentOS",
        "ansible_distribution_file_parsed": true,
        "ansible_distribution_file_path": "/etc/redhat-release",
        "ansible_distribution_file_variety": "RedHat",
        "ansible_distribution_major_version": "NA",
        "ansible_distribution_release": "NA",
        "ansible_distribution_version": "NA"
    },
    "changed": false,
    "failed": false
}
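
The split the post describes (listing /etc is denied under 0711, opening a known path is not) can be checked with the sketch below, an added example that is not part of the original post and not Ansible's own code. It reads the distribution facts by opening fixed file names instead of enumerating the directory; the `RELEASE_FILES` list, the regular expression and the function names are assumptions made for this example.

```python
import errno
import os
import re

# Release files opened by exact path, so no directory listing is needed.
# Assumed list for this example; it is not Ansible's own lookup table.
RELEASE_FILES = ("redhat-release", "centos-release", "system-release")

# Matches lines such as "CentOS release 6.9 (Final)".
RELEASE_RE = re.compile(
    r"^(?P<name>.+?)\s+(?:Linux\s+)?release\s+"
    r"(?P<version>\d+(?:\.\d+)*)\s*(?:\((?P<codename>[^)]*)\))?")


def can_list(directory):
    """Return True if the caller may enumerate directory (needs the r bit)."""
    try:
        os.listdir(directory)
        return True
    except OSError as exc:
        if exc.errno == errno.EACCES:
            return False  # the 0711 case for a non-owner, non-root user
        raise


def distribution_facts(etc_dir="/etc"):
    """Read distribution facts by opening known paths under etc_dir.

    Only the search (x) bit on etc_dir is required, so this still works
    where os.listdir(etc_dir) fails with EACCES.
    """
    for name in RELEASE_FILES:
        path = os.path.join(etc_dir, name)
        try:
            with open(path) as handle:
                line = handle.readline().strip()
        except (IOError, OSError):
            continue  # missing or unreadable: try the next known path
        match = RELEASE_RE.match(line)
        if match:
            version = match.group("version")
            return {"file_path": path,
                    "distribution": match.group("name"),
                    "version": version,
                    "major_version": version.split(".")[0],
                    "release": match.group("codename") or "NA"}
    return None


if __name__ == "__main__":
    print("can list /etc:", can_list("/etc"))
    print(distribution_facts("/etc"))
```

Run as the unprivileged user on the hardened host, `can_list("/etc")` returning False while `distribution_facts()` still returns a full dictionary confirms that only the directory enumeration is blocked.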