admin that i use to login with. this account can do pretty much anything using sudo
system account that has no password and no direct login ability. it is used for the application
i create the system user at terminal using sudo useradd --system --shell /bin/bash --create-home --home-dir /opt/application application
the ansible equivelant task i have is
- name: create application system user
user:
name: "application"
system: true
shell: "/bin/bash"
create_home: yes
home: "/opt/application"
become: yes
the owner and group of the created home directory are correct but the permissions don’t match.
here is the dir created when doing from terminal drwxr-x---. 11 application application 4096 Oct 7 12:16 application
here is the dir created by ansible drwx------. 2 application application 62 Oct 24 14:01 application
it is easy enough to fix permissions on one folder but it just goes on and gets worse from there when i install the application in the home directory
i would normally login with my admin account, sudo to the application account, then install the application
there are a TON of files and directories created when the application installs so trying to update the permissions after the fact is quite burdensome if not impossible.
This is not an Ansible issue. This is a umask issue. Compare your umask settings as the user and then again as root. You’ll see they’re different. You can use the environment attribute with your playbooks to set the umask for your tasks.
btw, that little dot right after the permissions indicates that there is an SELinux security context.
That may or may not interfere later on, but it’s not possible to tell from the information.
This sounds like you are setting a different umask in your interactive session than the non-interactive session has. This is a question of system configuration, not really something that Ansible has control over.
thanks. i’m fairly new to linux so i’d never even heard of umask before.
here are the values on my system which is a basic RHEL8 install
root umask 0022
admin umask 0002
application umask 0002
playing around with command: umask i found that running a task as admin gives admin umask of 0002. if i use become the umask becomes that of root (0022) even if i am becoming the application user. using become_flags: "-i" when becoming the application user loads the user profile and gives you the correct umask for that user.
no need to set the umask when creating the new user, that is correct already. as for using the environment option i assume the intent was something like below. this doesn’t error but also doesn’t work. my understanding is that is used for setting env variables which umask doesn’t appear to be. i have used that successfully before with PATH.