fcd6d7010d
* Don't rely on username to check for root privileges

  The SSH username isn't a reliable way to check if we've got root privileges on the remote system (think "toor" on FreeBSD). Because of this check, Ansible previously tried to use the fallback solutions for granting file access (ACLs, world-readable files) even on systems where it had root privileges when the remote username didn't match the literal string "root".

  Instead of running checks on the username, just try using `chmod` in any case and fall back to the previous "non-root" solution when that fails.

* Fail if we are root and changing ownership failed

  Since this code is security sensitive we document exactly the expected permissions of the temporary files once this function has run. That way if a flaw is found in one end-result we know more precisely what scenarios are affected and which are not.
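The pattern this commit message describes, as an added sketch that is not Ansible's code: attempt the privileged operation, use the non-root fallback only when it is refused, and fail hard if it is refused while running as uid 0. The function names, the injectable `chown` and `euid` parameters, the sample uids and the choice of `os.chown` as the attempted operation are all assumptions made for illustration.

```python
import os
import stat
import tempfile

def looks_like_root(username):
    # The unreliable check: compares the login name to a literal string.
    return username == "root"

def hand_over(path, uid, euid, chown=os.chown):
    """Give `uid` access to `path` and return the method that was used.

    `chown` and `euid` are injectable (hypothetical parameters) so both
    outcomes can be exercised without real root privileges.
    """
    try:
        chown(path, uid, -1)          # just try it, whatever the login name is
        return "chown"
    except PermissionError:
        if euid == 0:
            # Root should never be refused; do not silently widen permissions.
            raise RuntimeError("running as uid 0 but changing ownership failed")
        # Non-root fallback, weakest variant: make the file world-readable.
        mode = stat.S_IMODE(os.stat(path).st_mode)
        os.chmod(path, mode | stat.S_IROTH)
        return "world-readable"

def demo():
    def allowed(path, uid, gid):      # stands in for chown on a root session
        pass
    def denied(path, uid, gid):       # stands in for chown without privileges
        raise PermissionError(1, "Operation not permitted")

    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "payload.py")   # constructed sample file
        with open(path, "w") as handle:
            handle.write("# constructed\n")
        os.chmod(path, 0o600)
        results["toor_name_check"] = looks_like_root("toor")
        results["toor_uid0"] = hand_over(path, 1001, 0, chown=allowed)
        results["mode_after_chown"] = stat.S_IMODE(os.stat(path).st_mode)
        results["unprivileged"] = hand_over(path, 1001, 1000, chown=denied)
        results["mode_after_fallback"] = stat.S_IMODE(os.stat(path).st_mode)
        try:
            hand_over(path, 1001, 0, chown=denied)
            results["root_refused"] = "no error"
        except RuntimeError:
            results["root_refused"] = "error"
    return results

if __name__ == "__main__":
    print(demo())
```

The recorded modes make the end state of each path explicit: the file stays `0600` when the ownership change succeeds and only gains the world-readable bit on the non-root fallback.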