My current playbook is working, but it is not checking the folders' group permissions recursively. It only checks the last level of the folder hierarchy (e.g. `/*/bin`, `/*/sbin`, ...).

How can I modify my playbook below so that it checks folder permissions on the entire path?
```yaml
- name: Ensure system directories are owned by root group.
  block:
    - name: Verify the command directories exist.
      become: true
      stat:
        path: "{{ item }}"
      loop:
        - /bin/
        - /sbin/
        - /usr/bin/
        - /usr/sbin/
        - /usr/local/bin
        - /usr/local/sbin
      register: command_directories

    - name: Verify command directories belong to root.
      assert:
        that: item.1 == 'root'
      loop: "{{ command_directories.results | map(attribute='item') | zip(command_directories.results | map(attribute='stat.gr_name')) | list }}"
      loop_control:
        label: "{{ item.0 }}"

    - set_fact:
        stig_text: "PASSED"

  rescue:
    - name: Configure the command directories ownership to root and create if it doesn't exist.
      become: true
      file:
        path: "{{ item.item }}"
        group: root
        state: "{{ 'directory' if item.stat.exists else 'touch' }}"
        recurse: yes
      loop: "{{ command_directories.results }}"
      register: file_perms_rule

    - set_fact:
        stig_text: "PASSED"
      when: file_perms_rule.changed
```
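As an added example (not part of the question and not the poster's playbook), the following Python script shows what "checking the entire path" means in practice: for each command directory it walks from `/` down to the leaf and reports every component that is not group-owned by the expected group, or that is group-writable, or that is missing. The `stat_fn` and `group_name_fn` parameters, the `SAMPLE_TREE` data and the `audit_sample` helper are my own constructions so the check can run offline against made-up directory entries; against a live host you would call `check_path_chain` with its defaults.

```python
"""Audit group ownership along a whole directory path, not only the leaf."""
import grp
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def ancestors(path):
    """Return the path and every ancestor directory, root first.

    '/usr/local/bin' -> ['/', '/usr', '/usr/local', '/usr/local/bin']
    A trailing slash ('/bin/') is normalised away by PurePosixPath.
    """
    p = PurePosixPath(path)
    chain = [p, *p.parents]            # leaf .. root
    return [str(x) for x in reversed(chain)]


def gid_to_name(gid):
    """Resolve a numeric gid through the local group database; fall back to the number."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def check_path_chain(path, expected_group="root", stat_fn=os.stat, group_name_fn=gid_to_name):
    """Check every directory from / down to `path`.

    Returns a list of (directory, finding) tuples. An empty list means the whole
    chain is group-owned by `expected_group` and no component is group-writable.
    stat_fn / group_name_fn are injectable (hypothetical parameters) so the same
    logic can be exercised against constructed data.
    """
    findings = []
    for d in ancestors(path):
        try:
            st = stat_fn(d)
        except FileNotFoundError:
            findings.append((d, "missing"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((d, "not a directory"))
            continue
        group = group_name_fn(st.st_gid)
        if group != expected_group:
            findings.append((d, f"group is {group}, expected {expected_group}"))
        if st.st_mode & stat.S_IWGRP:
            findings.append((d, "group-writable"))
    return findings


# Constructed sample tree (not captured from any real host): /usr/local is
# group-owned by gid 1000 and group-writable; everything else is root, mode 0755.
SAMPLE_TREE = {
    "/":              SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_gid=0),
    "/usr":           SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_gid=0),
    "/usr/local":     SimpleNamespace(st_mode=stat.S_IFDIR | 0o775, st_gid=1000),
    "/usr/local/bin": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_gid=0),
    "/bin":           SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_gid=0),
}
SAMPLE_GROUPS = {0: "root", 1000: "staff"}   # constructed gid -> name mapping


def sample_stat(path):
    """stat() stand-in that reads the constructed tree."""
    try:
        return SAMPLE_TREE[path]
    except KeyError:
        raise FileNotFoundError(path) from None


def audit_sample(paths=("/bin/", "/usr/local/bin", "/usr/sbin")):
    """Run the chain check over the constructed tree; returns {path: findings}."""
    return {
        p: check_path_chain(
            p,
            stat_fn=sample_stat,
            group_name_fn=lambda g: SAMPLE_GROUPS.get(g, str(g)),
        )
        for p in paths
    }


if __name__ == "__main__":
    for p, findings in audit_sample().items():
        print(p, "PASSED" if not findings else findings)
    # Live host: print(check_path_chain("/usr/local/bin"))
```

The point the leaf-only check misses is visible in the sample: `/usr/local/bin` itself is fine, but `/usr/local` above it is group-writable by a non-root group, so anyone in that group could rename or replace the `bin` directory. A script like this can be shipped to the host with Ansible's `script` module and its non-empty output treated as the assertion failure that triggers the `rescue` block.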