
risky-octal

This rule checks that octal file permissions are given as a string with a leading zero, or are written in symbolic mode, such as `u+rwx` or `u=rw,g=r,o=r`.

Using integer or octal values in YAML can cause unexpected behavior. For example, a YAML loader interprets 0644 as the decimal number 420, but writing 644 instead produces a very different result.

Modules checked

Problematic code

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Unsafe example of declaring Numeric file permissions
      ansible.builtin.file:
        path: /etc/foo.conf
        owner: foo
        group: foo
        mode: 644

Correct code

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Safe example of declaring Numeric file permissions (1st solution)
      ansible.builtin.file:
        path: /etc/foo.conf
        owner: foo
        group: foo
        mode: "0644" # <- quoting and the leading zero will prevent surprises
        # "0o644" is also a valid alternative.
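The following is an added example, not ansible-lint's own rule code. It loads the different spellings of the same intended mode with PyYAML (a YAML 1.1 loader, which is what Ansible uses), shows the permission bits each one actually yields when treated the way Ansible's file module treats a mode (an integer is used as-is, a string is parsed as octal), and includes a small `is_risky` check written from the rule description above. The playbook snippets, the `SPELLINGS` names and the `ansible_style_mode` helper are constructed for this example.

```python
"""Added example (not ansible-lint's own code): what a YAML 1.1 loader makes
of each spelling of a file mode, and a checker in the spirit of risky-octal.
Requires PyYAML (pip install pyyaml)."""
import re
import stat

import yaml

# Constructed snippets: five ways an author might try to write rw-r--r--.
SPELLINGS = {
    "unquoted-no-leading-zero": "mode: 644",
    "unquoted-leading-zero": "mode: 0644",
    "quoted-leading-zero": 'mode: "0644"',
    "quoted-0o-prefix": 'mode: "0o644"',
    "symbolic": "mode: u=rw,g=r,o=r",
}

# chmod-style symbolic modes such as u+rwx or u=rw,g=r,o=r (assumed grammar).
SYMBOLIC_RE = re.compile(r"^[ugoa]*[-+=][rwxXst]*(,[ugoa]*[-+=][rwxXst]*)*$")


def load_mode(snippet: str):
    """Return the Python value PyYAML produces for the `mode` key.

    Under YAML 1.1, an unquoted 0644 is an octal literal and loads as the
    integer 420, while an unquoted 644 loads as the integer 644; the leading
    zero is gone by the time any later code sees the value.
    """
    return yaml.safe_load(snippet)["mode"]


def ansible_style_mode(value) -> int:
    """Mimic how a numeric mode is consumed downstream (assumed behaviour,
    matching the Ansible docs): an int is taken literally, a string is
    parsed as an octal number. Symbolic strings are not handled here."""
    if isinstance(value, int):
        return value
    return int(value, 8)  # accepts both "0644" and "0o644"


def describe(value) -> str:
    """Permission bits as ls-style text, e.g. '-rw-r--r--'.

    Symbolic modes are returned unchanged, since they are applied relative
    to the file's current bits rather than as an absolute value.
    """
    if isinstance(value, str) and SYMBOLIC_RE.match(value):
        return value
    return stat.filemode(stat.S_IFREG | ansible_style_mode(value))


def is_risky(value) -> bool:
    """Flag what the rule description flags: anything that is not a string
    with a leading zero or a symbolic mode. An integer is always risky,
    because the loader has already erased whether it was 0644 or 420."""
    if isinstance(value, int):
        return True
    if SYMBOLIC_RE.match(value):
        return False
    return not value.startswith("0")


if __name__ == "__main__":
    for name, snippet in SPELLINGS.items():
        loaded = load_mode(snippet)
        flag = "RISKY" if is_risky(loaded) else "ok"
        print(f"{name:26} -> {loaded!r:16} {describe(loaded):14} {flag}")
```

Running it shows the point of the rule in one table: unquoted `644` becomes the integer 644, which as a mode is octal 1204, i.e. `--w----r-T` (sticky bit set, owner write-only, no group access), while `"0644"`, `"0o644"` and the symbolic form all yield `-rw-r--r--`. Unquoted `0644` happens to load as 420 and produce the right bits, but it is indistinguishable from a literal 420 after loading, which is why the rule wants a quoted string.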