[PR #8057/c13bede0 backport][stable-7] pam_limits: do not create file in check mode when it does not exist (#8070)

pam_limits: do not create file in check mode when it does not exist (#8057)

Do not create file in check mode when it does not exist.

(cherry picked from commit c13bede0c5)

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
patchback[bot] 2024-03-09 12:42:09 +00:00 committed by GitHub
commit ddf566a729
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 17 additions and 10 deletions

View file

@ -175,7 +175,6 @@ def main():
limits_conf = '/etc/security/limits.conf'
module = AnsibleModule(
# not checking because of daisy chain to file module
argument_spec=dict(
domain=dict(required=True, type='str'),
limit_type=dict(required=True, type='str', choices=pam_types),
@ -201,6 +200,7 @@ def main():
new_comment = module.params['comment']
changed = False
does_not_exist = False
if os.path.isfile(limits_conf):
if not os.access(limits_conf, os.W_OK):
@ -208,7 +208,7 @@ def main():
else:
limits_conf_dir = os.path.dirname(limits_conf)
if os.path.isdir(limits_conf_dir) and os.access(limits_conf_dir, os.W_OK):
open(limits_conf, 'a').close()
does_not_exist = True
changed = True
else:
module.fail_json(msg="directory %s is not writable (check presence, access rights, use sudo)" % limits_conf_dir)
@ -224,15 +224,20 @@ def main():
space_pattern = re.compile(r'\s+')
if does_not_exist:
lines = []
else:
with open(limits_conf, 'rb') as f:
lines = list(f)
message = ''
f = open(limits_conf, 'rb')
# Tempfile
nf = tempfile.NamedTemporaryFile(mode='w+')
found = False
new_value = value
for line in f:
for line in lines:
line = to_native(line, errors='surrogate_or_strict')
if line.startswith('#'):
nf.write(line)
@ -323,17 +328,17 @@ def main():
message = new_limit
nf.write(new_limit)
f.close()
nf.flush()
with open(limits_conf, 'r') as content:
content_current = content.read()
with open(nf.name, 'r') as content:
content_new = content.read()
if not module.check_mode:
# Copy tempfile to newfile
if does_not_exist:
with open(limits_conf, 'a'):
pass
# Move tempfile to newfile
module.atomic_move(nf.name, limits_conf)
try:
@ -344,7 +349,7 @@ def main():
res_args = dict(
changed=changed,
msg=message,
diff=dict(before=content_current, after=content_new),
diff=dict(before=b''.join(lines), after=content_new),
)
if backup: