Fix 'Permission denied' in user module while generating SSH keys (#78040) (#78054)

* Fix 'Permission denied' in user module while generating SSH keys

Fix #78017
Use try/except for spwd usage to prevent "Permission denied".

Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 30a923fb5c164d6cd18280c02422f75e611e8fb2)

2 files changed, 13 insertions, 1 deletions

diff --git a/changelogs/fragments/permission-denied-spwd-module.yml b/changelogs/fragments/permission-denied-spwd-module.yml
new file mode 100644
index 0000000000..437df4bc2a
--- /dev/null
+++ b/changelogs/fragments/permission-denied-spwd-module.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - user - Fix error "Permission denied" in user module while generating SSH keys (https://github.com/ansible/ansible/issues/78017).
diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py
index b247ba3682..3e35e90fac 100644
--- a/lib/ansible/modules/user.py
+++ b/lib/ansible/modules/user.py
@@ -1052,7 +1052,17 @@ class User(object):
         max_needs_change = self.password_expire_max is not None
 
         if HAVE_SPWD:
-            shadow_info = spwd.getspnam(self.name)
+            try:
+                shadow_info = spwd.getspnam(self.name)
+            except KeyError:
+                return None, '', ''
+            except OSError as e:
+                # Python 3.6 raises PermissionError instead of KeyError
+                # Due to absence of PermissionError in python2.7 need to check
+                # errno
+                if e.errno in (errno.EACCES, errno.EPERM, errno.ENOENT):
+                    return None, '', ''
+                raise
             min_needs_change &= self.password_expire_min != shadow_info.sp_min
             max_needs_change &= self.password_expire_max != shadow_info.sp_max