
Permission denied in Ansible synchronize module


I'm using Ansible, among other things, for backing up purposes. I run ansible-playbook with a non-root user (let's say it is user) and ssh as user. After that, I set up privilege escalation to become root on every server. Until now, no problems.

To fetch a remote directory I have something equivalent to the following rule:

# Pull {{ dir }} from the managed host into the local backup tree
- synchronize:
    mode: pull
    delete: true
    src: "{{ dir }}/"
    dest: "{{ tank_base }}/{{ inventory_hostname }}/{{ dir }}/"
    rsync_opts:
      - "--exclude=tmp*"
      - "--exclude=~*"
      - "--exclude=*~"
      - "--exclude=.gvfs/"
      - "--exclude=.cache/"

but for some subdirectory it gives the following error (slightly edited to hide personal data):

fatal: [server]: FAILED! => {"changed": false, "cmd": "/usr/bin/rsync --delay-updates -F --compress --delete-after --archive --rsh 'ssh  -S none -o StrictHostKeyChecking=no' --exclude=tmp* --exclude=~* --exclude=*~ --exclude=.gvfs/ --exclude=.cache/ --out-format='<<CHANGED>>%i %n%L' \"server:/var/backup/\" \"/var/tank/snapshot/server/backup/\"", "failed": true, "msg": "rsync: opendir \"/var/backup/subdir\" failed: Permission denied (13)\nrsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1650) [generator=3.1.2]\n", "rc": 23}

The subdirectory that fails (/var/backup/subdir in the above case) is owned by root:root and it is readable/writable only by the owner. My guess is rsync is trying to pull the files as user instead of root.

How can I pull those directories without compromising the security and possibly without changing anything on the server side? After all, privilege escalation is already in place and working.

Original post by ntd
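One way to address the failure described in the post above, as an added example that is not part of the original post: the logged rsync command carries no `--rsync-path` option, so the remote rsync process runs as the SSH login user and cannot open the root-only directory. The task below sets the synchronize module's `rsync_path` parameter; it assumes that `user` can already run rsync through sudo on the server without a password prompt, and the task name is made up for illustration.

```yaml
# Added example, not from the original post.
- name: Pull a root-only directory from the managed host
  synchronize:
    mode: pull
    delete: true
    src: "{{ dir }}/"
    dest: "{{ tank_base }}/{{ inventory_hostname }}/{{ dir }}/"
    # Command rsync starts on the remote side of the transfer. In pull
    # mode that is the source host, so the sender runs as root and can
    # read /var/backup/subdir.
    # Assumption: sudo does not prompt here. rsync's ssh session cannot
    # answer a password prompt, so this needs passwordless sudo.
    rsync_path: "sudo rsync"
    rsync_opts:
      - "--exclude=tmp*"
      - "--exclude=~*"
      - "--exclude=*~"
      - "--exclude=.gvfs/"
      - "--exclude=.cache/"
```

Passwordless sudo for rsync is effectively root on the source host, because rsync run as root can read and write any path, so the SSH key used for `user` deserves the same protection as a root credential.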