Ansible tasks should set explicit file permissions
mboersma opened this issue · 5 comments
What steps did you take and what happened:
Run make -C images/capi lint
and notice that the project is ignoring a few linter warnings of the type risky-file-permissions: File permissions unset or incorrect.
See here for details.
Fixing this usually involves setting an appropriate Linux permission on a resource. This is generally 0755
for directories and 0644
for files, but each case needs to be looked at individually.
There are also cases where files are being deleted (which shouldn't require permissions to be explicit), but the linter can't tell that since the state:
field is being populated from a loop variable. That can be refactored so state: absent
is hard-coded.
What did you expect to happen:
The linter shouldn't report any of this type of warning.
Anything else you would like to add:
Here's one way to fix it:
cd images/capi
rm .ansible-lint-ignore # so the linter reports existing issues
ansible-lint --tags=risky-file-permissions ansible
# Edit the code flagged in each of the "risky-file-permissions" warnings
# and re-run the above command until the warnings are gone. Then,
make lint-ignore
git add .
git commit -m "Ansible shell commands set explicit file permissions"
/kind bug
/assign
Hi @mboersma ,
I am interested to work on it. I will reach out if I need more info.
Thanks,
/assign
cd images/capi
rm .ansible-lint-ignore # so the linter reports existing issues
ansible-lint --tags=risky-file-permissions ansible
# Edit the code flagged in each of the "risky-file-permissions" warnings
# and re-run the above command until the warnings are gone. Then,
make lint-ignore
Hi @mboersma,
I ran the command, but all files remained unchanged.