You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In an attempt to clear and repopulate access control lists for a folder and its child items (folders and files), I cleared all access permissions manually from items and then attempted to set the owner recursively using this module. The action fails with the message that access is denied to the folder. When you do the same thing in the Windows UI, the option to set ownership recursively is provided and works flawlessly in this same scenario.
Remove all acl entries and inheritance for a folder and its child items
Run a playbook (as a user with admin rights) containing the task shown below
Error message is:
fatal: [<SERVER_NAME>]: FAILED! => {"changed": false, "msg": "an error occurred when attempting to change owner on C:\Certbot for : Access to the path 'C:\Certbot\accounts' is denied."}
A task in an included role
- name: Ensure certbot folder ownership is setbecome: truewhen: ansible_facts['os_family'] == 'Windows' ansible.windows.win_owner:
path: C:\Certbotuser: "{{ ansible_user }}"recurse: true
EXPECTED RESULTS
The ownership should be set as the current ansible user on the folder and its child items. (This then allows adding inheritable permissions to the same)
ACTUAL RESULTS
TASK [acdlabs.certbot.certbot : Ensure certbot folder ownership is set] ******************************************************************
fatal: [kat06_webserver]: FAILED! => {"changed": false, "msg": "an error occurred when attempting to change owner on C:\\Certbot for smarsh: Access to the path 'C:\\Certbot\\accounts' is denied."}
The text was updated successfully, but these errors were encountered:
While the module should probably enable the privilege if present I believe the problem is stemming from using become: true on the task. When you don't use become all the account's privileges will be enabled which includes SeRestorePrivilege, SeBackupPrivilege, and SeTakeOwnershipPrivilege needed to set the owner when you don't have rights to do so normally. When you use become those privileges will still be present, they are just not enabled by default. You can see the difference by running and seeing the values for privileges
- win_whoami:
- win_whoami:
become: true
I'll work on fixing up the module so it'll enable those privileges explicitly to work in these scenarios but hopefully that workaround will get you going for now.
I've opened #634 which does a minor rewrite of the module but will also enable those 3 privileges explicitly to work in a become scenario. I've also added some tests to verify that this actually fixes the problem.
Thanks for reporting this bug and sharing this info!
SUMMARY
In an attempt to clear and repopulate access control lists for a folder and its child items (folders and files), I cleared all access permissions manually from items and then attempted to set the owner recursively using this module. The action fails with the message that access is denied to the folder. When you do the same thing in the Windows UI, the option to set ownership recursively is provided and works flawlessly in this same scenario.
ISSUE TYPE
COMPONENT NAME
win_owner
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
Error message is:
fatal: [<SERVER_NAME>]: FAILED! => {"changed": false, "msg": "an error occurred when attempting to change owner on C:\Certbot for : Access to the path 'C:\Certbot\accounts' is denied."}
EXPECTED RESULTS
The ownership should be set as the current ansible user on the folder and its child items. (This then allows adding inheritable permissions to the same)
ACTUAL RESULTS
The text was updated successfully, but these errors were encountered: