acls for users and files: We can use the X mode for the executable bit so that directories and files are managed differently.
parent
d74caa1d87
commit
1f93b6f542
|
@ -12,26 +12,26 @@
|
||||||
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
||||||
when: item.create and not item.file
|
when: item.create and not item.file
|
||||||
|
|
||||||
- name: Set the read/write/access permissions on the users d4s data dirs
|
|
||||||
acl: path={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present
|
|
||||||
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
|
||||||
when: not item.file
|
|
||||||
|
|
||||||
- name: Set the default read/write/access permissions on the users d4s data dirs
|
- name: Set the default read/write/access permissions on the users d4s data dirs
|
||||||
acl: path={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present default=yes
|
acl: path={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rwX') }} state=present default=yes recursive=yes
|
||||||
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
||||||
when: not item.file
|
when: not item.file
|
||||||
|
|
||||||
- name: Set the read/write permissions on pre-existing files inside the users d4s data dirs
|
- name: Set the read/write/access permissions on the users d4s data dirs
|
||||||
acl: path={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rw') }} state=present
|
acl: path={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rwX') }} state=present recursive=yes
|
||||||
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
with_items: '{{ d4s_users_data_directories | default([]) }}'
|
||||||
when: item.file
|
# when: not item.file
|
||||||
|
|
||||||
|
# - name: Set the read/write permissions on pre-existing files inside the users d4s data dirs
|
||||||
|
# acl: path={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rw') }} state=present
|
||||||
|
# with_items: '{{ d4s_users_data_directories | default([]) }}'
|
||||||
|
# when: item.file
|
||||||
|
|
||||||
- name: Install a script that recursively sets the ACLs on all the directory tree that must be writeable and readable
|
- name: Install a script that recursively sets the ACLs on all the directory tree that must be writeable and readable
|
||||||
template: src=set-acl-rules.sh.j2 dest=/usr/local/bin/set-acl-rules owner=root group=root mode=0755
|
template: src=set-acl-rules.sh.j2 dest=/usr/local/bin/set-acl-rules owner=root group=root mode=0755
|
||||||
|
|
||||||
- name: Run the script that recursively sets the ACLs
|
# - name: Run the script that recursively sets the ACLs
|
||||||
shell: /usr/local/bin/set-acl-rules
|
# shell: /usr/local/bin/set-acl-rules
|
||||||
when: d4s_force_acls
|
# when: d4s_force_acls
|
||||||
|
|
||||||
tags: [ 'd4s', 'users', 'd4s_u_acl' ]
|
tags: [ 'd4s', 'users', 'd4s_u_acl' ]
|
||||||
|
|
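Review bot: The capital `X` only protects items that leave `aclperms` unset: in the two `acl` tasks that now carry `recursive=yes`, an entry of `d4s_users_data_directories` that still sets `aclperms: rwx` would give `d4science_common_group` execute on every file under that path, where before the change the ACL was applied to the named path only. Whether any inventory entry sets it that way is not visible from this page, so I would state the constraint next to the tasks, e.g. `# aclperms overrides must use X, not x: with recursive=yes a lowercase x makes every file in the tree group-executable`. The access-ACL task also now runs for `item.file` entries because its `when` is commented out, yet it is still named "… on the users d4s data dirs"; renaming it and deleting the commented-out task and `when` lines, rather than keeping them, would make that intent clear.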