I'm trying to run an arbitrary Ansible module with a specific umask (0002).

Some Ansible modules (like git) support a umask parameter (or a mode parameter to set permissions directly), but many do not.
To my knowledge, Ansible does not invoke a shell (unless you use the shell module), so changing the umask in my shell profile is useless.
My approach was to change the UMASK line in /etc/login.defs, but that didn't make a difference to Ansible. The umask remains at 0022.
PAM seems to be configured to include pam_umask.so.

I know I could use the shell module as a workaround (`shell: umask 0002; some_command`) but that seems like an ugly hack.

How do I get Ansible to respect my umask?

This is Ansible 2.9.9 targeting a CentOS 8 system.

  • There is no reason why this would not work. If it does not work, it is not because of Ansible. – sorin May 16 '21 at 10:36
  • In case you are running Ansible locally, did you remember to log out and log in again after changing `/etc/login.defs`? You might also have to enable the `pam_umask.so` PAM module. See https://stackoverflow.com/questions/10220531 – Zero3 Feb 11 '22 at 20:34
  • Good point, but in this case Ansible was targeting a remote system – Aljoscha Vollmerhaus Feb 14 '22 at 15:05

0 Answers
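
An added example, not part of the original question or its comments: it shows which modes the two umask values from the question produce, that the `umask 0002; some_command` form is scoped to that one shell invocation, and how to read the umask a process is actually running with. The function names are made up for this example, and the `/proc` check assumes Linux 4.7 or later.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from Ansible or the question.

# Print the octal mode a new file or directory gets under a given umask.
# The umask change happens inside ( ... ), so it never reaches the caller,
# the same scoping as "umask 0002; some_command" in a single shell task.
mode_under_umask() {   # usage: mode_under_umask 0002 file|dir
    (
        umask "$1" || exit 1
        tmp=$(mktemp -d) || exit 1          # mktemp -d is always 0700
        if [ "$2" = dir ]; then
            mkdir "$tmp/new"                # requested 0777, minus umask bits
        else
            : > "$tmp/new"                  # requested 0666, minus umask bits
        fi
        # GNU stat first (CentOS), BSD stat as a fallback
        stat -c '%a' "$tmp/new" 2>/dev/null || stat -f '%Lp' "$tmp/new"
        rm -rf "$tmp"
    )
}

# Print the umask a process is running with, read from the kernel rather
# than from /etc/login.defs or a profile file. Needs Linux 4.7 or later.
proc_umask() {         # usage: proc_umask PID   (or "self")
    awk '/^Umask:/ { print $2; found = 1 } END { exit !found }' "/proc/$1/status"
}

# Constructed demonstration: the two values from the question.
# 0002 leaves group write on (664/775); 0022 strips it (644/755).
for mask in 0022 0002; do
    printf 'umask %s -> file %s, dir %s\n' "$mask" \
        "$(mode_under_umask "$mask" file)" "$(mode_under_umask "$mask" dir)"
done
printf 'this shell: umask builtin %s, kernel view %s\n' \
    "$(umask)" "$(proc_umask $$ 2>/dev/null || echo unavailable)"
```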