Ansible: How to categorize files by permissions?

Time:01-14

I'm trying to categorize the files based on their permissions, and I have a problem with the JSON query.

The output I would like to categorize:

Example

$ stat -c '%a %n' $(pwd)/*
644 /home/user/go
755 /home/user/sshified
644 /home/user/test.yaml

or

$ find / -perm -4000 -type f -exec stat -c '%a %n' {} 2>/dev/null \;
4755 /usr/bin/mtr
4755 /bin/su
4777 /bin/app1

The query, which doesn't give any output back:

Ansible Code

   - name: Find binaries with suid bit set
     shell:
       cmd: stat -c '%a %n' folder/*
     # Ansible variable names must be valid identifiers, so underscores instead of hyphens
     register: files_with_write
     failed_when: files_with_write.rc != 1 and files_with_write.rc != 0
     changed_when: false

   - set_fact:
       writeable_files: "{{ files_with_write | to_json | from_json | json_query(\"[?ends_with(mode, '7') == `true`].{gr_name: gr_name, mode: mode, path: path }\") }}"

   - debug:
       msg:
         - "files: {{ writeable_files }}"

CodePudding user response:

Use the find module and see what attributes are available in the registered results. For example, given the files

shell> stat -c '%a %n' test-476/*
644 test-476/go
755 test-476/sshified
664 test-476/test.yaml

the debug below lists the registered attributes of the files

    - find:
        paths: test-476
        recurse: true
      register: result
    - debug:
        var: result.files.0.keys()|list|to_yaml

gives

  result.files.0.keys()|list|to_yaml: |-
    [path, mode, isdir, ischr, isblk, isreg, isfifo, islnk, issock, uid, gid, size, inode,
     dev, nlink, atime, mtime, ctime, gr_name, pw_name, wusr, rusr, xusr, wgrp, rgrp,
     xgrp, woth, roth, xoth, isuid, isgid]

For example, use the attribute wgrp to select group-writable files

    - set_fact:
        group_writeable_files: "{{ result.files|selectattr('wgrp') }}"
    - debug:
        msg: "{{ group_writeable_files|map(attribute='path')|list }}"

gives

  msg:
  - test-476/test.yaml

CodePudding user response:

If you just want to find files that are writable, this can be done much more easily at the bash level:

   - name: Find writable by others
     command: find folder/ -perm /o+w
     register: writable_others

   - name: Find writable by others or group
     command: find folder/ -perm /o+w,g+w
     register: writable_others_group

CodePudding user response:

Using Ansible modules like find or stat you may start your implementation with something like

---
- hosts: test
  become: no
  gather_facts: no

  tasks:

  - name: Return a list of files
    find:
      paths: "/home/{{ ansible_user }}/"
      file_type: file
    register: result

  - name: Show result
    debug:
      msg: "{{ item.mode }} {{ item.path }}"
    when: item.mode == "0755"
    loop: "{{ result.files }}"
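As an added example (not from the question or any of the answers above), the Python below does in plain code what the question's json_query was attempting: it parses `stat -c '%a %n'` output into records carrying the same keys the find module returns (mode, woth, wgrp, isuid, isgid), then categorizes them with a bit test instead of looking at the last octal digit, so a 666 file is also caught as world-writable. The sample lines are constructed; the function and key names are this example's own.

```python
import re
import stat
from typing import Dict, List

# Constructed sample in the shape `stat -c '%a %n'` prints (as in the question).
SAMPLE_STAT_OUTPUT = """\
644 /home/user/go
755 /home/user/sshified
664 /home/user/test.yaml
4755 /usr/bin/mtr
4777 /bin/app1
666 /tmp/world.txt
"""

# Three or four octal digits, whitespace, then the path (which may contain spaces).
LINE_RE = re.compile(r"^\s*([0-7]{3,4})\s+(.+?)\s*$")


def parse_stat_lines(text: str) -> List[Dict[str, object]]:
    """Turn `stat -c '%a %n'` lines into find-module-like records.

    A shell task only registers plain stdout, so a json_query over it has no
    `mode` or `path` keys to filter on; this conversion supplies them.
    """
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines rather than abort
        octal, path = m.groups()
        mode = int(octal, 8)
        records.append({
            "path": path,
            "mode": octal.zfill(4),  # same shape as find's "0755"
            "woth": bool(mode & stat.S_IWOTH),   # catches 666, 777, 4777, ...
            "wgrp": bool(mode & stat.S_IWGRP),
            "isuid": bool(mode & stat.S_ISUID),
            "isgid": bool(mode & stat.S_ISGID),
        })
    return records


def categorize(records: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Group paths by the permission property a reviewer would flag."""
    cats: Dict[str, List[str]] = {
        "world_writable": [], "group_writable": [],
        "setuid": [], "setuid_and_world_writable": [],
    }
    for r in records:
        path = str(r["path"])
        if r["woth"]:
            cats["world_writable"].append(path)
        if r["wgrp"]:
            cats["group_writable"].append(path)
        if r["isuid"]:
            cats["setuid"].append(path)
        if r["isuid"] and r["woth"]:
            cats["setuid_and_world_writable"].append(path)
    return cats
```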