From f8e31af454615f21dbb8abc0970addaecdbe5daa Mon Sep 17 00:00:00 2001 From: David Moreau Simard Date: Wed, 15 May 2019 07:51:31 -0400 Subject: [PATCH] role: Do not escalate privileges for creating base directories Otherwise we can end up doing something like escalating privileges for creating directories in /tmp/ and then the regular user won't have access to them. We can revisit this later if need be. Change-Id: Ieb33c23f2d278ed1156a8bc2d39c41bb9b4bb6f6 --- roles/ara_api/tasks/pre-requirements.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/ara_api/tasks/pre-requirements.yaml b/roles/ara_api/tasks/pre-requirements.yaml index ba4e2384..632fe8c7 100644 --- a/roles/ara_api/tasks/pre-requirements.yaml +++ b/roles/ara_api/tasks/pre-requirements.yaml @@ -54,21 +54,18 @@ # The following tasks dynamically enable escalated privileges only when the # directory to create is not located in the user's home directory. - name: Ensure ara_api_root_dir exists - become: "{{ (ansible_user_dir in ara_api_root_dir) | ternary(false, true) }}" file: path: "{{ ara_api_root_dir }}" state: directory mode: 0755 - name: Ensure ara_api_base_dir exists - become: "{{ (ansible_user_dir in ara_api_base_dir) | ternary(false, true) }}" file: path: "{{ ara_api_base_dir }}" state: directory mode: 0750 - name: Ensure ara_api_log_dir exists - become: "{{ (ansible_user_dir in ara_api_log_dir) | ternary(false, true) }}" file: path: "{{ ara_api_log_dir }}" state: directory