Do not use integers for octal file permissions in YAML

ID

risky_octal

Severity

low

Vendor

Ansible

Resource

General Security

Tags

reachable

Description

Do not use bare integers for octal file permissions in YAML files. An integer written without a leading zero or quotes is read as a decimal number rather than as octal, which can result in unexpected behavior.

Learn more about this topic at Ansible risky octal.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Unsafe example of declaring Numeric file permissions
      ansible.builtin.file:
        path: /etc/foo.conf
        owner: foo
        group: foo
        mode: 644

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Safe example of declaring Numeric file permissions (1st solution)
      ansible.builtin.file:
        path: /etc/foo.conf
        owner: foo
        group: foo
        mode: 0644 # <- A leading zero prevents numeric file permissions from behaving in unexpected ways.
    - name: Safe example of declaring Numeric file permissions (2nd solution)
      ansible.builtin.file:
        path: /etc/foo.conf
        owner: foo
        group: foo
        mode: "0644" # <- Quoting the value as a string prevents numeric file permissions from behaving in unexpected ways.
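
The following is an added example, not part of the rule's own documentation or tooling: a small checker that flags bare-integer `mode:` values and shows which permission bits the decimal reading actually produces. The function names are hypothetical, and it assumes a simple line-based scan rather than a full YAML parse.

```python
import re
import stat

# "mode:" key with a scalar value; a trailing "# comment" is ignored.
MODE_RE = re.compile(r"^\s*mode:\s*(?P<val>[^#\n]*?)\s*(?:#.*)?$")
BARE_INT = re.compile(r"[1-9][0-9]*")   # unquoted, no leading zero

def effective_bits(raw):
    """Permission bits applied for a raw YAML scalar, or None when the
    value is symbolic (u=rw), templated, or not a plain number."""
    if len(raw) >= 2 and raw[0] in "\"'" and raw[-1] == raw[0]:
        inner = raw[1:-1]               # quoted: the string is converted as octal
        return int(inner, 8) if re.fullmatch(r"[0-7]+", inner) else None
    if re.fullmatch(r"0[0-7]+", raw):   # leading zero: YAML 1.1 octal integer
        return int(raw, 8)
    if BARE_INT.fullmatch(raw):         # bare integer: read as decimal
        return int(raw)
    return None

def render(bits):
    """ls-style string for the permission bits (regular file assumed)."""
    return stat.filemode(stat.S_IFREG | (bits & 0o7777))

def find_risky_modes(playbook_text):
    """Return (line_no, raw_value, applied_octal, applied_perms) per finding."""
    findings = []
    for line_no, line in enumerate(playbook_text.splitlines(), start=1):
        m = MODE_RE.match(line)
        if m and BARE_INT.fullmatch(m.group("val")):
            bits = effective_bits(m.group("val"))
            findings.append((line_no, m.group("val"), oct(bits), render(bits)))
    return findings

# Constructed sample: the three mode styles from the examples on this page.
SAMPLE = """\
- name: Example playbook
  hosts: localhost
  tasks:
    - ansible.builtin.file:
        path: /etc/foo.conf
        mode: 644
    - ansible.builtin.file:
        path: /etc/foo.conf
        mode: 0644 # leading zero
    - ansible.builtin.file:
        path: /etc/foo.conf
        mode: "0644" # quoted string
"""

if __name__ == "__main__":
    for finding in find_risky_modes(SAMPLE):
        print(finding)
```

Only the bare `644` is reported: read as decimal it equals octal 1204, which sets the sticky bit and drops the owner's read permission instead of yielding `rw-r--r--`.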