主页 / coding / 问题 / 79234538
Accepted
Mak S
Asked: 2024-11-28 23:42:24 +0800 CST

递归更改父目录链的所有权

  • 772

我有一个默认的目标 Linux 节点umask=0077。当我运行剧本时

- name: Create folder for app
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: app_user
    mode: 0755
  with_items:
    - "/opt/app/folder1/bin"
    - "/etc/program/folder2"

参数“mode”仅适用于最后一个文件夹(binfolder2)。根据 umask,所有父目录都具有严格权限。

如何设置父目录所需的权限(不是全部/opt/etc仅针对链):

  1. /opt,,,,/opt/app/opt/app/folder1/opt/app/folder1/bin
  2. /etc,,/etc/program/etc/program/folder2
ansible

1 个回答

  1. Best Answer

    问:“更改所有中间父文件夹的权限。”

    简短的回答:当所有子目录都存在时,模块文件不知道从哪里开始更改权限。

    详细信息:例如,给定路径,声明要开始更改权限的深度。在本例中, depth=1是根目录,depth=2/tmp9

      path1: /tmp9/a/b/c
  path2: /tmp9/x/y/z
  depth: 2

    创建一个循环文件​​,逐步更改子目录

    shell> cat subdirs.yml
- file:
    path: "{{ root }}/{{ subs[:ansible_loop.index] | join('/') }}"
    state: directory
    owner: admin
    mode: 0755
  loop: "{{ subs }}"
  loop_control:
    extended: true
  vars:
    dirs: "{{ outer_item | split('/') }}"
    root: "{{ dirs[:depth] | join('/') }}"
    subs: "{{ dirs[depth:] }}"

    循环中包含此任务

        - include_tasks: subdirs.yml
      loop:
        - "{{ path1 }}"
        - "{{ path2 }}"
      loop_control:
        loop_var: outer_item

    鉴于下面的树,该任务是幂等的

    shell> tree -pu /tmp9
[drwxr-xr-x root    ]  /tmp9
├── [drwxr-xr-x admin   ]  a
│   └── [drwxr-xr-x admin   ]  b
│       └── [drwxr-xr-x admin   ]  c
└── [drwxr-xr-x admin   ]  x
    └── [drwxr-xr-x admin   ]  y
        └── [drwxr-xr-x admin   ]  z

    如果你改变模式

        mode: 0700

    该任务改变权限

    shell> tree -pu /tmp9
[drwxr-xr-x root    ]  /tmp9
├── [drwx------ admin   ]  a
│   └── [drwx------ admin   ]  b
│       └── [drwx------ admin   ]  c
└── [drwx------ admin   ]  x
    └── [drwx------ admin   ]  y
        └── [drwx------ admin   ]  z

    完整测试剧本的示例

    - hosts: localhost
  become: true

  vars:

    path1: /tmp9/a/b/c
    path2: /tmp9/x/y/z
    depth: 2

  tasks:

    - include_tasks: subdirs.yml
      loop:
        - "{{ path1 }}"
        - "{{ path2 }}"
      loop_control:
        loop_var: outer_item

    模块文件按预期工作。引用:

    如果是“目录”,则将创建所有中间子目录(如果不存在)。从 Ansible 1.7 开始,将使用提供的权限创建它们。

    例如,给定空目录

    shell> tree -pu /tmp9
[drwxr-xr-x root    ]  /tmp9

    这出戏

    - hosts: localhost
  become: true

  vars:

    path1: /tmp9/a/b/c
    path2: /tmp9/x/y/z

  tasks:

    - file:
        path: "{{ item }}"
        state: directory
        owner: admin
        mode: 0755
      loop:
        - "{{ path1 }}"
        - "{{ path2 }}"

    创建树

    shell> tree -pu /tmp9
[drwxr-xr-x root    ]  /tmp9
├── [drwxr-xr-x admin   ]  a
│   └── [drwxr-xr-x admin   ]  b
│       └── [drwxr-xr-x admin   ]  c
└── [drwxr-xr-x admin   ]  x
    └── [drwxr-xr-x admin   ]  y
        └── [drwxr-xr-x admin   ]  z

    ,但改变模式

            mode: 0700

    仅更改最后一个子目录的权限

    shell> tree -pu /tmp9
[drwxr-xr-x root    ]  /tmp9
├── [drwxr-xr-x admin   ]  a
│   └── [drwxr-xr-x admin   ]  b
│       └── [drwx------ admin   ]  c
└── [drwxr-xr-x admin   ]  x
    └── [drwxr-xr-x admin   ]  y
        └── [drwx------ admin   ]  z
    • 2

相关问题