mirror of
https://github.com/ansible-collections/ansible.posix.git
synced 2026-06-09 18:15:54 +00:00
714c50bdb7
Fixes #462 notice permission denied on authorized_key module
SUMMARY
As of right now the authorized_key module does not notice on an "absent" if a authorized_keys file is simply not readable to the executing user. I am trying to fix that
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
authorized_key
ADDITIONAL INFORMATION
Execute as a user that does not have access to the root users authorized keys file
- name: Delete key from root user
ansible.posix.authorized_key:
state: absent
user: root
key: ssh-rsa xxxxxxxx
- name: Delete key from root user
become: true
ansible.posix.authorized_key:
state: absent
user: root
key: ssh-rsa xxxxxxxx
The one without become will succeed before my change and will fail with a permission denied error after my change. The 2nd task will actually remove a key from root user if become privileges are available for the executing user
Reviewed-by: Brian Coca
Reviewed-by: Klaas Demter
Reviewed-by: Felix Fontein <felix@fontein.de>
Reviewed-by: Hideki Saito <saito@fgrep.org>
(cherry picked from commit 72a6eb9729)
Co-authored-by: softwarefactory-project-zuul[bot] <33884098+softwarefactory-project-zuul[bot]@users.noreply.github.com>
40 lines
1.4 KiB
YAML
40 lines
1.4 KiB
YAML
---
|
|
# test code for the authorized_key module
|
|
# - (c) 2014, James Cammarata <jcammarata@ansible.com>
|
|
# - (c) 2021, Hideki Saito <saito@fgrep.org>
|
|
# This file is part of Ansible
|
|
#
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
- name: Setup testing environment
|
|
ansible.builtin.import_tasks: setup_steps.yml
|
|
|
|
- name: Test for multiple keys handling
|
|
ansible.builtin.import_tasks: multiple_keys.yml
|
|
|
|
- name: Test for ssh-dss key handling
|
|
ansible.builtin.import_tasks: ssh_dss.yml
|
|
|
|
- name: Test for check mode
|
|
ansible.builtin.import_tasks: check_mode.yml
|
|
|
|
- name: Test for the management of comments with key
|
|
ansible.builtin.import_tasks: comments.yml
|
|
|
|
- name: Test for specifying key as a path
|
|
ansible.builtin.import_tasks: check_path.yml
|
|
|
|
- name: Test for permission denied files
|
|
ansible.builtin.import_tasks: check_permissions.yml
|