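no-same-owner
This rule checks that the owner and group do not transfer across hosts.
In many cases the owner and group on remote hosts do not match the owner and group assigned to source files. Preserving the owner and group during transfer can result in permission errors or leak sensitive information.
When you synchronize files, you should avoid transferring the owner and group by setting the owner: false and group: false arguments. When you unpack archives with the ansible.builtin.unarchive module, you should set the --no-same-owner option.
This is an opt-in rule. You must enable it in your Ansible-lint configuration as follows: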
Problematic code
```yaml
---
- name: Example playbook
  hosts: all
  tasks:
    - name: Synchronize conf file
      ansible.posix.synchronize:
        src: /path/conf.yaml
        dest: /path/conf.yaml # <- Transfers the owner and group for the file.
    - name: Extract tarball to path
      ansible.builtin.unarchive:
        src: "{{ file }}.tar.gz"
        dest: /my/path/ # <- Transfers the owner and group for the file.
```
Correct code
```yaml
---
- name: Example playbook
  hosts: all
  tasks:
    - name: Synchronize conf file
      ansible.posix.synchronize:
        src: /path/conf.yaml
        dest: /path/conf.yaml
        owner: false
        group: false # <- Does not transfer the owner and group for the file.
    - name: Extract tarball to path
      ansible.builtin.unarchive:
        src: "{{ file }}.tar.gz"
        dest: /my/path/
        extra_opts:
          - --no-same-owner # <- Does not transfer the owner and group for the file.
```
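The check this rule describes, written out as an added example (a simplified restatement for illustration, not ansible-lint's own implementation). It assumes the tasks are already parsed from YAML into dictionaries and are not nested in blocks; the function names, the short module names and the sample tasks are constructed for this example.

```python
# Added example: simplified restatement of the rule, not ansible-lint's code.
SYNC = {"ansible.posix.synchronize", "synchronize"}
UNARCHIVE = {"ansible.builtin.unarchive", "unarchive"}


def _is_false(value):
    """True only when the parameter is explicitly set to a false value."""
    if isinstance(value, str):
        return value.strip().lower() in {"false", "no", "off", "0"}
    return value is False


def _extra_opts(args):
    """Return extra_opts as a list, whether written as a list or a string."""
    opts = args.get("extra_opts") or []
    return opts.split() if isinstance(opts, str) else [str(o) for o in opts]


def find_owner_transfers(tasks):
    """Return (task name, reason) for every task that keeps owner or group."""
    findings = []
    for task in tasks:
        name = task.get("name", "<unnamed>")
        for module, args in task.items():
            if not isinstance(args, dict):
                continue  # skips name, when, become and similar keywords
            if module in SYNC:
                missing = [p for p in ("owner", "group")
                           if not _is_false(args.get(p))]
                if missing:
                    fix = " and ".join(f"{p}: false" for p in missing)
                    findings.append((name, "set " + fix))
            elif module in UNARCHIVE and "--no-same-owner" not in _extra_opts(args):
                findings.append((name, "add --no-same-owner to extra_opts"))
    return findings


# Constructed sample: tasks modelled on the page's playbooks after YAML parsing.
SAMPLE_TASKS = [
    {"name": "Synchronize conf file",
     "ansible.posix.synchronize": {"src": "/path/conf.yaml", "dest": "/path/conf.yaml"}},
    {"name": "Sync with owner only disabled",
     "ansible.posix.synchronize": {"src": "/a", "dest": "/a", "owner": False}},
    {"name": "Extract tarball to path",
     "ansible.builtin.unarchive": {"src": "app.tar.gz", "dest": "/my/path/",
                                   "extra_opts": ["--no-same-owner"]}},
]

if __name__ == "__main__":
    for task_name, reason in find_owner_transfers(SAMPLE_TASKS):
        print(f"no-same-owner: {task_name}: {reason}")
```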