Hello,
I just found out that "file" module's "mode" param accepts only octal
value. That comes as a little surprise, as
http://docs.ansible.com/file_module.html described "mode" as "mode the
file or directory should be, such as 0644 as would be fed to chmod". I
can feed "g+w" to chmod, so I kinda expected being able to use it with
Ansible either.
Anyway, how can I set just some, not all, permission bits of a
recursive directory hierarchy? The culprit is "x" permission, which
means completely different things for file vs dir. So, if I use 0775,
all files will become executable. And if I use 0664, all directories
would become non-searchable.
To remind, chmod, besides constructs like "g+w" to set just "w" bit for
groups, has another device to deal with the issue above -
"X" (capital), which will set "x" bit only for dirs.
Thanks,
Paul mailto:pmiscml@gmail.com
Per the documentation:
“recursively set the specified file attributes (applies only to state=directory) (added in Ansible 1.1)”
This was submitted quite a while ago, perhaps it could be merged?
Hello,
Per the documentation:
"recursively set the specified file attributes (applies only to
state=directory) (added in Ansible 1.1)"
So the mode specified when using recurse=yes should be the mode you
want applied to the directories. If you want more complex permission
setups for large directories of files, I would recommend looking at
the synchronize module.
And yet:
- name: Set download dir permissions
file: dest={{www_dir}} state=directory
owner=linaro-ci-publish group=bot-publishers
mode=0775
recurse=yes
sudo: yes
Before:
-rw-rw-r-- 1 www-data www-data 11 Mar 20 2013 HEADER.html
After:
-rwxrwxr-x 1 linaro-ci-publish bot-publishers 11 Mar 20 2013
HEADER.html
Bottom line? Ansible docs are nowhere detailed enough to remind even
Ansible developers how modules actually work, what to say about users
who need to *learn* how it works.
Another issue is that recursive=yes appear to work rather slow (taking
chmod -R as reference).
We welcome improvements via pull request. Just click the edit link on any page of the docs in the upper right for a link to the GitHub page.
If it’s a module, the docs are embedded in the module source.
Hi Michael,
I’ve been using Puppet for some time to configure our servers and I’m seriously looking at moving to Ansible. In general I like Ansible a lot more than Puppet but this issue seems to be one area that Puppet has a solution for and Ansible doesn’t. Is there a way to make sure that directories get the x permission while files don’t when using the recurse feature? If not, is there a workaround?
Regards,
Damien
I’m really not interested in tool comparisons here, but Puppet has not done the recursive thing either and actually takes the position you have to spec out every file path along the way.
I worked for them, I remember this, and I agree. We do the same thing.
I’m really not interested in tool comparisons here, but Puppet has not done the recursive thing either and actually takes the position you have to spec out every file path along the way.
I suspect Damien meant:
file { ‘/target’:
source => ‘file:///source’,
recurse => true,
mode => ‘0644’,
}
If /source contains a directory hierarchy, then all files contained will be copied to /target with mode ‘0644’ and all directories (including /target itself) with mode ‘0755’.
That can be quite useful.
Cheers,
Paul
Ansible does have a recursive copy, so I imagine you are requesting a change in the permissions structure?
I’d also recommend the synchronize module versus passing recurse to the copy module. It’s backed by rsync and is much more efficient.