From 9da06274a8729924f32b3d83897268caad7de2a6 Mon Sep 17 00:00:00 2001
From: Jiri Barton <jbar@tele3.cz>
Date: Tue, 29 Apr 2014 08:40:08 -0500
Subject: [PATCH] Set proper file permisions when a file is created with
 atomic_move

Fixes #7196
---
 lib/ansible/module_utils/basic.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/ansible/module_utils/basic.py b/lib/ansible/module_utils/basic.py
index b09b637fd9..60a4d0655f 100644
--- a/lib/ansible/module_utils/basic.py
+++ b/lib/ansible/module_utils/basic.py
@@ -1020,8 +1020,14 @@ class AnsibleModule(object):
                 self.cleanup(tmp_dest.name)
                 self.fail_json(msg='Could not replace file: %s to %s: %s' % (src, dest, e))
 
-        if creating and os.getenv("SUDO_USER"):
-            os.chown(dest, os.getuid(), os.getgid())
+        if creating:
+            # make sure the file has the correct permissions
+            # based on the current value of umask
+            umask = os.umask(0)
+            os.umask(umask)
+            os.chmod(dest, 0666 ^ umask)
+            if os.getenv("SUDO_USER"):
+                os.chown(dest, os.getuid(), os.getgid())
 
         if self.selinux_enabled():
             # rename might not preserve context