forked from ISTI-ansible-roles/ansible-roles
38 lines
1.9 KiB
YAML
38 lines
1.9 KiB
YAML
---
|
|
- block:
|
|
- name: Create a common group
|
|
group: name={{ d4science_common_group }} state=present
|
|
|
|
- name: Add the gcube users to the common group
|
|
user: name={{ item.name }} append=yes groups={{ d4science_common_group }}
|
|
with_items: '{{ ssh_users_list }}'
|
|
|
|
- name: Create the users d4s data dirs
|
|
file: name={{ item.name }} state=directory owner={{ item.owner }} group={{ item.group }} mode={{ item.perms }}
|
|
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
|
when: item.create and not item.file
|
|
|
|
- name: Set the read/write/access permissions on the users d4s data dirs
|
|
acl: path={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present
|
|
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
|
when: not item.file
|
|
|
|
- name: Set the default read/write/access permissions on the users d4s data dirs
|
|
acl: path={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present default=yes
|
|
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
|
when: not item.file
|
|
|
|
- name: Set the read/write permissions on pre-existing files inside the users d4s data dirs
|
|
acl: path={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rw') }} state=present
|
|
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
|
when: item.file
|
|
|
|
- name: Install a script that recursively sets the ACLs on all the directory tree that must be writeable and readable
|
|
template: src=set-acl-rules.sh.j2 dest=/usr/local/bin/set-acl-rules owner=root group=root mode=0755
|
|
|
|
- name: Run the script that recursively sets the ACLs
|
|
shell: /usr/local/bin/set-acl-rules
|
|
when: d4s_force_acls
|
|
|
|
tags: [ 'd4s', 'users', 'd4s_u_acl' ]
|