Modifying the ACL permissions of /etc/shadow with Ansible fails - Q&A - Alibaba Cloud Developer Community


祝小祝 2018-12-17 13:15:57 2028

I can modify other configuration files with Ansible, but when I try to modify /etc/shadow I get this error:
setfacl: /etc/shadow: Operation not permittednon-zero return code
setfacl: /etc/shadow: Operation not permitted
How can I use Ansible to modify the ACL permissions of /etc/shadow?

Using the shell module: ansible test1 -m shell -a 'setfacl -m user:aiuap:r /etc/shadow'
I get the following error:
10.124.210.222 | FAILED | rc=1 >>
setfacl: /etc/shadow: Operation not permittednon-zero return code

Using the acl module: ansible test1 -m acl -a 'path=/etc/shadow entity=test etype=user permissions=r state=present'
I get the following error:
10.124.210.222 | FAILED! => {
    "changed": false, 
    "cmd": "/usr/bin/setfacl -m user:test:r /etc/shadow", 
    "msg": "setfacl: /etc/shadow: Operation not permitted", 
    "rc": 1, 
    "stderr": "setfacl: /etc/shadow: Operation not permitted\n", 
    "stderr_lines": [
        "setfacl: /etc/shadow: Operation not permitted"
    ], 
    "stdout": "", 
    "stdout_lines": []
}

Using the script module: ansible test1 -m script -a './acl.sh'
It reports success, but the ACL permissions of /etc/shadow were not actually modified.
10.124.210.222 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 10.124.210.222 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 10.124.210.222 closed."
    ], 
    "stdout": "setfacl: /etc/shadow: Operation not permitted\r\ngetfacl: Removing leading '/' from absolute path names\r\n# file: etc/shadow\r\n# owner: root\r\n# group: root\r\nuser::---\r\ngroup::---\r\nother::---\r\n\r\n", 
    "stdout_lines": [
        "setfacl: /etc/shadow: Operation not permitted", 
        "getfacl: Removing leading '/' from absolute path names", 
        "# file: etc/shadow", 
        "# owner: root", 
        "# group: root", 
        "user::---", 
        "group::---", 
        "other::---", 
        ""
    ]
}

All answers (1)
  • timandes
    2019-07-17 23:22:30

    Try adding the parameter --become-user=root

    0 0
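
The script-module run in the question returned rc 0 and SUCCESS although its stdout shows setfacl being denied and getfacl listing no entry for the user. The following is an added example, not part of the original thread and not the poster's acl.sh (which is not shown): a hypothetical replacement script that exits non-zero when setfacl fails or when the entry is absent afterwards. The function names and the argument order are assumptions.

```shell
#!/usr/bin/env bash
# Added example: hypothetical acl.sh that sets a user ACL entry and verifies it,
# so an Ansible "script" task fails instead of reporting SUCCESS on a denied setfacl.
set -u

# Expand a permission string such as "r" or "rx" to getfacl's 3-character form.
normalize_perms() {
    local p="$1" out
    case "$p" in *r*) out="r" ;; *) out="-" ;; esac
    case "$p" in *w*) out="${out}w" ;; *) out="${out}-" ;; esac
    case "$p" in *x*) out="${out}x" ;; *) out="${out}-" ;; esac
    printf '%s' "$out"
}

# Read getfacl output on stdin; return 0 only if the exact entry is present.
# Header lines ("# file: ...") and trailing "#effective:..." comments are stripped.
acl_has_entry() {
    awk -v want="$1" '{ sub(/[ \t]*#.*$/, "") }
                      $0 == want { found = 1 }
                      END { exit !found }'
}

# Set user:<name>:<perms> on <path>, then confirm it with getfacl.
apply_acl() {
    local user="$1" perms="$2" path="$3" entry
    entry="user:${user}:$(normalize_perms "$perms")"
    if ! setfacl -m "user:${user}:${perms}" "$path"; then
        echo "setfacl failed on $path (effective uid: $(id -u))" >&2
        return 1
    fi
    # -p keeps the absolute path and avoids the "Removing leading '/'" notice.
    if ! getfacl -p "$path" 2>/dev/null | acl_has_entry "$entry"; then
        echo "ACL entry $entry not present on $path after setfacl" >&2
        return 1
    fi
    echo "verified $entry on $path"
}

# Runs only when called with three arguments: acl.sh <user> <perms> <path>
if [ "$#" -eq 3 ]; then
    apply_acl "$1" "$2" "$3" || exit 1
fi
```

Called as ansible test1 -m script -a './acl.sh aiuap r /etc/shadow', a denied setfacl now makes the task report a non-zero rc rather than SUCCESS.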