risky-octal
This rule checks that octal file permissions are strings that contain a leading zero or are written in symbolic modes, such as u+rwx or u=rw,g=r,o=r.
Using integers or octal values in YAML can result in unexpected behavior. For example, the YAML loader interprets 0644 as the decimal number 420, but putting 644 there will produce very different results.
Modules that are checked:
ansible.builtin.assemble
ansible.builtin.copy
ansible.builtin.file
ansible.builtin.replace
ansible.builtin.template
Problematic Code
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Unsafe example of declaring Numeric file permissions
      ansible.builtin.file:
        path: /etc/foo.conf
        owner: foo
        group: foo
        mode: 644
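
What the unquoted 644 above turns into on disk, next to the safe spellings, as an added example that is not part of ansible-lint or its documentation. It is a simplified model that assumes an integer mode is applied as-is and a numeric string is parsed as octal; the function names, the symbolic-mode pattern and the sample values are constructed for illustration.

```python
import re
import stat

# Symbolic clauses such as u+rwx or u=rw,g=r,o=r (simplified grammar, an assumption).
SYMBOLIC = re.compile(r"^[ugoa]*[+=-][rwxXst]*(,[ugoa]*[+=-][rwxXst]*)*$")


def applied_bits(value):
    """Model the numeric mode a task ends up with for an already-loaded YAML value.

    Assumption: an int is used as the mode as-is, while a numeric string is
    parsed as octal. Symbolic strings depend on the current mode, so return None.
    """
    if isinstance(value, int):
        return value
    if re.fullmatch(r"[0-7]+", value):
        return int(value, 8)
    return None


def describe(value):
    """Render the applied bits the way `ls -l` would, e.g. -rw-r--r--."""
    bits = applied_bits(value)
    return None if bits is None else stat.filemode(stat.S_IFREG | bits)


def is_safe_spelling(value):
    """The page's criterion: a string with a leading zero, or a symbolic mode."""
    if not isinstance(value, str):
        return False
    return bool(re.fullmatch(r"0[0-7]{3,4}", value) or SYMBOLIC.match(value))


# Constructed samples: (text in the playbook, value after YAML loading).
SAMPLES = [
    ("mode: 644", 644),
    ("mode: 0644", 0o644),  # loader yields decimal 420, as the page describes
    ('mode: "0644"', "0644"),
    ("mode: u=rw,g=r,o=r", "u=rw,g=r,o=r"),
]

if __name__ == "__main__":
    for text, loaded in SAMPLES:
        verdict = "ok" if is_safe_spelling(loaded) else "risky"
        print(f"{text:22} -> {loaded!r:16} {describe(loaded)}  [{verdict}]")
```

Decimal 644 is octal 1204, so under this model the file ends up with the sticky bit set, owner write-only and world-readable (`--w----r-T`) rather than the intended `-rw-r--r--`.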