ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-28 23:51:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Ensure managed sudoers config files have 0440 permissions (#4814) (#4828)

Browse source 
* Ensure sudoers config files are created with 0440 permissions to appease visudo validation

* Remove change not required by the bugfix

* Add changelog fragment for 4814 sudoers file permissions

* Update changelogs/fragments/4814-sudoers-file-permissions.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Have less oct casting

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 2d1e58663c)

Co-authored-by: Jon Ellis <ellis.jp@gmail.com>
This commit is contained in:
patchback[bot] 2022-06-12 08:59:53 +02:00 committed by GitHub
commit 1206900488
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tests/integration/targets/sudoers/tasks/main.yml
View file

@ -29,6 +29,11 @@
commands: /usr/local/bin/command
register: rule_1
- name: Stat my-sudo-rule-1 file
ansible.builtin.stat:
path: "{{ sudoers_path }}/my-sudo-rule-1"
register: rule_1_stat
- name: Grab contents of my-sudo-rule-1
ansible.builtin.slurp:
src: "{{ sudoers_path }}/my-sudo-rule-1"
@ -132,6 +137,13 @@
# Run assertions
- name: Check rule 1 file stat
ansible.builtin.assert:
that:
- rule_1_stat.stat.exists
- rule_1_stat.stat.isreg
- rule_1_stat.stat.mode == '0440'
- name: Check changed status
ansible.builtin.assert:
that: