Move setting for world-readable-tempfiles back to global config.

The code that depends on this is all in the action plugins so we should
leave it there until we either move that action plugin code over
(fixup_perms2) or we give action plugins the ability to register new
config.
Toshio Kuratomi
2018-01-22 15:35:33 -08:00
parent 5c2f3e3b8c
commit 62bc714dae
3 changed files with 14 additions and 13 deletions


@@ -383,7 +383,7 @@ class ActionBase(with_metaclass(ABCMeta, object)):
* If the chown fails we can set the file to be world readable so that
the second unprivileged user can read the file.
Since this could allow other users to get access to private
information we only do this ansible is configured with
information we only do this if ansible is configured with
"allow_world_readable_tmpfiles" in the ansible.cfg
"""
if remote_user is None:
@@ -431,7 +431,7 @@ class ActionBase(with_metaclass(ABCMeta, object)):
raise AnsibleError('Failed to change ownership of the temporary files Ansible needs to create despite connecting as a privileged user. '
'Unprivileged become user would be unable to read the file.')
elif res['rc'] != 0:
if self._connection._shell('allow_world_readable_temp'):
if C.ALLOW_WORLD_READABLE_TMPFILES:
# chown and fs acls failed -- do things this insecure
# way only if the user opted in in the config file
display.warning('Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. '
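Review bot: The opt-in check `if C.ALLOW_WORLD_READABLE_TMPFILES:` in the second hunk is a bare truthiness test on a global constant, so the insecure fallback is only as strict as the config definition behind it, which this section does not show. It is worth confirming that the entry is declared as a boolean defaulting to false, so that a string value such as `"False"` from ansible.cfg or the environment cannot enable world-readable temporary files. Because the setting is global again, it presumably applies to every host in a run rather than to one connection, and the comment above the warning could say so, e.g. `# global opt-in (all hosts in the run): other local users on the managed host can read these files`. The enclosing method starts and ends outside both hunks.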