---
# Probe every configured CIS target so the permission task below can tell
# which paths exist on this host. The probe is read-only, hence
# `changed_when: false`.
# NOTE(review): `follow` is not set on stat, so a symlink should be reported
# as the link itself (module default) - confirm against the targets list.
- name: Check CIS permission targets
  ansible.builtin.stat:
    path: "{{ item.path }}"
  loop: "{{ cis_permission_targets }}"
  loop_control:
    # Show only the path in task output instead of the whole target dict.
    label: "{{ item.path }}"
  when: cis_effective_rules.file_permissions | default(false)
  register: cis_permission_stats
  changed_when: false

# Enforce owner, group and mode on each target that the probe found.
# Each loop item is one stat result; the original target entry is available
# as `item.item`.
# NOTE(review): `follow` is not set on file either; its module default is to
# follow links, so for a symlinked target the change would land on the
# referent - confirm this is intended for every entry.
- name: Set permissions for existing targets
  ansible.builtin.file:
    path: "{{ item.item.path }}"
    # owner and group are optional per target; `omit` leaves them untouched.
    owner: "{{ item.item.owner | default(omit) }}"
    group: "{{ item.item.group | default(omit) }}"
    # mode has no fallback, so every target must define it.
    # NOTE(review): the targets list is defined outside this file; modes
    # should be quoted octal strings there (e.g. '0644'), since an unquoted
    # YAML number reaches the module as a decimal value.
    mode: "{{ item.item.mode }}"
  # Falls back to an empty list when the registered variable carries no
  # `results` key (presumably when the probe was skipped as a whole).
  loop: "{{ cis_permission_stats.results | default([]) }}"
  loop_control:
    label: "{{ item.item.path }}"
  when:
    # Conditions in a list are ANDed; the rule toggle is checked before the
    # per-item stat result is read.
    - cis_effective_rules.file_permissions | default(false)
    # Absent paths are skipped rather than handed to the file module.
    - item.stat.exists