Do not use the same owner and group to transfer files
ID |
no_same_owner |
Severity |
low |
Vendor |
Ansible |
Resource |
General Security |
Tags |
reachable |
Description
Do not use the same owner and group to transfer files. Preserving the owner and group during transfer can result in errors with permissions or leaking sensitive information.
Learn more about this topic at Ansible no same owner.
Examples
---
- name: Example playbook
hosts: all
tasks:
- name: Synchronize conf file
ansible.posix.synchronize:
src: /path/conf.yaml
dest: /path/conf.yaml # <- Transfers the owner and group for the file.
- name: Extract tarball to path
ansible.builtin.unarchive:
src: "{{ file }}.tar.gz"
dest: /my/path/ # <- Transfers the owner and group for the file.Mitigation / Fix
---
- name: Example playbook
hosts: all
tasks:
- name: Synchronize conf file
ansible.posix.synchronize:
src: /path/conf.yaml
dest: /path/conf.yaml
owner: false
group: false # <- Does not transfer the owner and group for the file.
- name: Extract tarball to path
ansible.builtin.unarchive:
src: "{{ file }}.tar.gz"
dest: /my/path/
extra_opts:
- --no-same-owner # <- Does not transfer the owner and group for the file.