extending authorized_key module

Ok, so I'm a bit confused here as to what you're trying to achieve exactly.

If you want to set the ownership of the file (like you can do from
copy/template), we've got some common code we can add -- see what's
done with the copy module -- and that's a super easy way to achieve
that.

That seems like what you want?

--Michael

So I noticed that I didn’t complete a sentence in my previous explanation.

By changing this setting to use /etc/ssh/authorized_keys/%u we are able to distribute everyone’s keys, but placing them outside their home directory. /etc/ssh/authorized_keys is then owned by root: with mode 755.

I’m not sure what else would be unclear, but will gladly discuss and explain myself further if need be.

So I noticed that I didn't complete a sentence in my previous explanation.

By changing this setting to use /etc/ssh/authorized_keys/%u we are able to
distribute everyone's keys, but placing them outside their home directory.
/etc/ssh/authorized_keys is then owned by root: with mode 755.

See my previous response about how we want to handle setting the mode.

So... in the attached conversation I point out the flaw in utilizing an
external reference to the copy command. Effectively a bunch of extraneous
mode changing is/will be occurring.

For instance:

- name: ensure that shared authorized_keys directory exists
  action: file path='/etc/ssh/authorized_keys' state=directory owner=root group=root mode=0755
- name: add key for bob
  action: authorized_key user=bob key='...snip...' sshdir='/etc/ssh/authorized_keys' keysfile=bob
- name: add key for john
  action: authorized_key user=john key='...snip...' sshdir='/etc/ssh/authorized_keys' keysfile=john

At which point I end up with an /etc/ssh/authorized_keys directory set to
0700 and owned by john. As long as the authorized_key module makes
permission changes then either a) it can't be used for this or b) it needs
to be changed.

The whole point behind my thread was to discuss what would be considered
the more appropriate change to the authorized_key module to support this
concept of alternate pathing for authorized_keys. If the preference is to
just consider authorized_key a limited use case module and work around it,
then so be it.

So... in the attached conversation I point out the flaw in utilizing an
external reference to the copy command. Effectively a bunch of extraneous
mode changing is/will be occurring.

I didn't suggest using the copy command.

so we talked offline.

end result:

combine sshdir and keysfile parameters into path parameter and add
manage_dir boolean, defaulting to true.

This allows for alternate pathing of the key file, and manual setting of
directory ownership in a separate task if the default ownership doesn't
suit your environment.

-greg
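
The outcome above (one path parameter plus manage_dir) applied to the bob/john case from earlier in the thread, as an added example that is not part of the original messages. The keys/<user>.pub layout on the control node, the variable names and the closing stat/assert check are assumptions made for illustration.

```yaml
# Added example, not from the thread.
# Assumes sshd_config contains: AuthorizedKeysFile /etc/ssh/authorized_keys/%u
# Assumes public keys live in keys/<user>.pub next to the playbook (hypothetical layout).
- hosts: all
  become: true
  vars:
    shared_keys_dir: /etc/ssh/authorized_keys
    ssh_users: [bob, john]
  tasks:
    - name: ensure that shared authorized_keys directory exists
      file:
        path: "{{ shared_keys_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0755"

    # manage_dir=false keeps the module from chown/chmod-ing the parent
    # directory, which is what left it 0700 and owned by john before.
    - name: add each user's key without touching the shared directory
      authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('file', 'keys/' + item + '.pub') }}"
        path: "{{ shared_keys_dir }}/{{ item }}"
        manage_dir: false
      loop: "{{ ssh_users }}"

    - name: read back ownership and mode of the shared directory
      stat:
        path: "{{ shared_keys_dir }}"
      register: keys_dir

    # Regression check: fails the play if any key task re-owned or
    # re-moded the directory.
    - name: verify the shared directory is still root:root 0755
      assert:
        that:
          - keys_dir.stat.isdir
          - keys_dir.stat.pw_name == 'root'
          - keys_dir.stat.gr_name == 'root'
          - keys_dir.stat.mode == '0755'
```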