时间戳

首页 > 解决方案 > 使用循环检查文件夹权限

ansible - 使用循环检查文件夹权限

问题描述

我当前的剧本正在运行,但它没有递归检查文件夹组权限。它只检查文件夹层次结构的最后一级(例如/*/bin/*/sbin...)

如何修改下面的剧本以便检查整个路径上的文件夹权限?

    - name: Ensure system directories are owned by root group.
      block: 
        - name: Verify the command directories exist.
          become: true
          stat:
            path: "{{ item }}"
          loop:
            - /bin/
            - /sbin/
            - /usr/bin/
            - /usr/sbin/
            - /usr/local/bin
            - /usr/local/sbin
          register: command_directories
        
        - name: Verify command directories belong to root.
          loop: |
            {{ command_directories.results|map(attribute='item')|zip(command_directories.results|map(attribute='stat.gr_name'))|list }}
    
          assert:
            that: item.1 == 'root'
          loop_control:
            label: "{{ item.0 }}"
    
        - set_fact:
            stig_text: "PASSED"
        
      rescue:
    
        - name: configure the command directories ownership to root and create if it doesn't exist.
          become: true
          file:
            path: "{{ item.item }}"
            group: root
            state: "{{ 'directory' if item.stat.exists else 'touch' }}"
            recurse: yes
          loop: "{{ command_directories.results }}"
          register: file_perms_rule 
      
        - set_fact:
            stig_text: "PASSED"
          when: file_perms_rule.changed

标签: ansibledevops

解决方案

推荐阅读