diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-03-23 15:07:02 +0000 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-03-23 15:09:05 +0000 |
commit | adf1cba7454985ad46d15363f7d00d142a022005 (patch) | |
tree | 4f34b5c33fefd67e1aed7c0291b82ab5e5e980ed | |
parent | bad542025d517c16a41a2755190045e419302ab9 (diff) | |
download | ansible-modules-core-adf1cba7454985ad46d15363f7d00d142a022005.tar.gz |
Fix permissions issue with 'cron' module
I have a task like this in a playbook. The ansible_ssh_user is 'root'
for this host.
- cron:
hour: 00
job: /home/backup/backup.sh
name: baserock.org data backup
user: backup
Running it gave me the following error:
TASK: [backup cron job, runs every day at midnight] ***************************
failed: [baserock-backup1] => {"failed": true}
msg: crontab: can't open '/tmp/crontabvVjoZe': Permission denied
crontab: user backup cannot read /tmp/crontabvVjoZe
The temporary file created by the 'cron' module is created with the
Python tempfile.mkstemp() function. This creates a file that is readable
only by 'root' (mode 600). The Busybox `crontab` program then checks if
the file is readable by the 'backup' user, and fails if it isn't. So we
need to make sure the file is world-readable before running `crontab`.
-rw-r--r-- | system/cron.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/system/cron.py b/system/cron.py index c0a39b61..731987a1 100644 --- a/system/cron.py +++ b/system/cron.py @@ -227,6 +227,7 @@ class CronTab(object): fileh = open(self.cron_file, 'w') else: filed, path = tempfile.mkstemp(prefix='crontab') + os.chmod(path, 0o644) fileh = os.fdopen(filed, 'w') fileh.write(self.render()) |