Weird permission problem with Ansible

microlinux · April 22, 2025, 11:37am

Hi,

I’m currently fine-tuning my Ansible playbook for installing my Rocky Linux desktop. K3B needs a few special permissions (as discussed in a recent thread), so I thought I might add these to the playbook. Here’s what I should have:

- name: Fix permissions for cdrdao
  ansible.builtin.file:
    path: /usr/bin/cdrdao
    owner: root
    group: cdrom
    mode: 4710

- name: Fix permissions for wodim
  ansible.builtin.file:
    path: /usr/bin/wodim
    owner: root
    group: cdrom
    mode: 4710

And here’s the unexpected weird end result of running this:

# ls -l /usr/bin/{cdrdao,wodim}
---xr--rwT. 1 root cdrom 624056 Jun 29  2022 /usr/bin/cdrdao
---xr--rwT. 1 root cdrom 373640 Jan 19  2022 /usr/bin/wodim

Can’t Ansible handle the somewhat special 4710 permissions ?

I’m puzzled.

microlinux · April 22, 2025, 11:44am

I’ll answer that myself, since I just found the solution. I just have to quote the permissions.

jlehtone · April 22, 2025, 1:27pm

Yes.

The ansible-doc ansible.builtin.fileexplains:

For those used to ‘/usr/bin/chmod’ remember that modes are actually octal numbers. You must either add a leading zero so that Ansible’s YAML parser knows it is an octal number (like 0644 or 01777) or quote it (like '644' or '1777') so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.

microlinux · April 22, 2025, 1:51pm

In other words, I could very well not have quoted the mode, but just written 04710 instead of 4710, if I understand this correctly.

iwalker · April 22, 2025, 2:35pm

Yep, that would seem to be the case.