From fcdc281c28269c0dded4e8eae9e9014f0e7c655d Mon Sep 17 00:00:00 2001
From: Michael DeHaan
Date: Fri, 27 Jul 2012 20:53:50 -0400
Subject: [PATCH] If sudoing to a user other than root, the home directory of the original user is very unlikely to be readable by the sudoed to user, so just use tmp. Data will be readable by others (briefly before deletion) but never writeable.
---
 lib/ansible/runner/__init__.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/ansible/runner/__init__.py b/lib/ansible/runner/__init__.py
index e54806f952..c0c3cecb31 100644
--- a/lib/ansible/runner/__init__.py
+++ b/lib/ansible/runner/__init__.py
@@ -641,6 +641,8 @@ class Runner(object):
 basetmp = os.path.join(C.DEFAULT_REMOTE_TMP, basefile)
 if self.remote_user == 'root':
 basetmp = os.path.join('/var/tmp', basefile)
+ elif self.sudo and self.sudo_user != 'root':
+ basetmp = os.path.join('/tmp', basefile)
 cmd = 'mkdir -p %s' % basetmp
 if self.remote_user != 'root':
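Review bot: The new `/tmp` branch feeds a world-writable parent into `cmd = 'mkdir -p %s' % basetmp`, and `mkdir -p` reports success when the path already exists, so the commit message's "never writeable" guarantee holds only if `basefile` is unpredictable and the directory is actually created by this command. How `basefile` is generated is outside the hunk, so that needs confirming; for the `/tmp` case (and the existing `/var/tmp` one) creating the final component without `-p`, e.g. `cmd = 'mkdir %s' % basetmp`, would make a pre-existing path fail instead of being silently reused. The brief world-readable window presumably covers whatever is staged in this directory, possibly including arguments that carry secrets, so the trade-off deserves a comment on the new branch such as `# sudo to non-root: target user cannot read the login user's home, so stage in /tmp; contents are world-readable until cleanup`. The enclosing method starts and ends outside the hunk, including the body of the final `if self.remote_user != 'root':`.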