From cad0adc6912f2844292cfadec982789b6e3fff6b Mon Sep 17 00:00:00 2001 From: Sam Thursfield Date: Mon, 23 Mar 2015 15:07:02 +0000 Subject: [PATCH] Fix permissions issue with 'cron' module I have a task like this in a playbook. The ansible_ssh_user is 'root' for this host. - cron: hour: 00 job: /home/backup/backup.sh name: baserock.org data backup user: backup Running it gave me the following error: TASK: [backup cron job, runs every day at midnight] *************************** failed: [baserock-backup1] => {"failed": true} msg: crontab: can't open '/tmp/crontabvVjoZe': Permission denied crontab: user backup cannot read /tmp/crontabvVjoZe The temporary file created by the 'cron' module is created with the Python tempfile.mkstemp() function. This creates a file that is readable only by 'root' (mode 600). The Busybox `crontab` program then checks if the file is readable by the 'backup' user, and fails if it isn't. So we need to make sure the file is world-readable before running `crontab`. --- lib/ansible/modules/system/cron.py | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/ansible/modules/system/cron.py b/lib/ansible/modules/system/cron.py index 88985e2307..7cb3785b91 100644 --- a/lib/ansible/modules/system/cron.py +++ b/lib/ansible/modules/system/cron.py @@ -228,6 +228,7 @@ class CronTab(object): fileh = open(self.cron_file, 'w') else: filed, path = tempfile.mkstemp(prefix='crontab') + os.chmod(path, 0o644) fileh = os.fdopen(filed, 'w') fileh.write(self.render())