recordsansible/ara
Code Issues Proposed changes

role: Do not escalate privileges for creating base directories

Browse Source 
Otherwise we can end up doing something like escalating privileges for
creating directories in /tmp/ and then the regular user won't have
access to them.

We can revisit this later if need be.

Change-Id: Ieb33c23f2d278ed1156a8bc2d39c41bb9b4bb6f6
This commit is contained in:
David Moreau Simard 2019-05-15 07:51:31 -04:00
parent 5f628b8877
commit f8e31af454
No known key found for this signature in database
GPG Key ID: CBEB466764A9E621
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
roles/ara_api/tasks/pre-requirements.yaml
View File

@ -54,21 +54,18 @@
# The following tasks dynamically enable escalated privileges only when the
# directory to create is not located in the user's home directory.
- name: Ensure ara_api_root_dir exists
become: "{{ (ansible_user_dir in ara_api_root_dir) | ternary(false, true) }}"
file:
path: "{{ ara_api_root_dir }}"
state: directory
mode: 0755
- name: Ensure ara_api_base_dir exists
become: "{{ (ansible_user_dir in ara_api_base_dir) | ternary(false, true) }}"
file:
path: "{{ ara_api_base_dir }}"
state: directory
mode: 0750
- name: Ensure ara_api_log_dir exists
become: "{{ (ansible_user_dir in ara_api_log_dir) | ternary(false, true) }}"
file:
path: "{{ ara_api_log_dir }}"
state: directory