Major Hayden
The search for world-writable files is very intensive and causes some long delays when running playbooks. This patch makes it optional and updates the documentation to match.

Change-Id: I206f75597c48023a889bd7027daff2eff82b1a16
---
id: V-72047
status: opt-in
tag: file_perms
---
The tasks in the security role examine the world-writable directories on the system and report any directories that are not group-owned by the root user. Those directories appear in the Ansible output.
Deployers should review the list of directories and group owners to ensure that they are appropriate for the directory. Unauthorized group ownership could allow certain users to modify files from other users.
Searching the entire filesystem for world-writable directories will consume a significant amount of disk I/O and could impact the performance of a production system. It can also delay the playbook's completion. Therefore, the search is disabled by default.
Deployers can enable the search by setting the following Ansible variable:
security_find_world_writable_dirs: yes
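
For a manual review of the same condition on a single host, the check described above can be approximated with `find`. This is an added example, not the role's own task; the function name `find_ww_dirs` and its two arguments are hypothetical, and the second argument (the acceptable group ID) defaults to 0, the root group.

```shell
# Added example: list world-writable directories whose group owner is not
# the expected GID. Names here are illustrative, not taken from the role.
find_ww_dirs() {
    start="${1:-/}"       # directory where the search begins
    want_gid="${2:-0}"    # group ID considered acceptable (0 = root)

    # -xdev        stay on the starting filesystem, so /proc, /sys and
    #              network mounts are not walked (limits the I/O cost)
    # -type d      directories only
    # -perm -0002  the "other" write bit is set (world-writable)
    # ! -group N   group owner differs from the expected GID
    # ls -ldn      print mode plus numeric owner and group for review
    find "$start" -xdev -type d -perm -0002 ! -group "$want_gid" \
        -exec ls -ldn {} + 2>/dev/null
}

# Usage: find_ww_dirs /        (whole root filesystem, expect heavy disk I/O)
#        find_ww_dirs /var 0   (limit the walk to one subtree)
```

Restricting the starting directory is the simplest way to keep the disk I/O described above under control when running this by hand on a production system.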