RPM download code can fail with a permission error #591

Open
kkeane opened this issue Dec 24, 2024 · 1 comment
kkeane commented Dec 24, 2024

Under certain circumstances, the task

TASK [crowdstrike.falcon.falcon_install : CrowdStrike Falcon | Copy Sensor Installation Package to remote host (non-windows)] ***

can produce the following error:

The error was: PermissionError: [Errno 1] Operation not permitted: b'/tmp/falcon-sensor/falcon-sensor-7.20.0-17306.el8.x86_64.rpm'

The circumstances when the first issue happens are:

  • The user name on the ansible controller is different from the ansible user on the host.
  • Ansible is targeting the controller itself.

The problem has to do with the delegate: local attribute.

In my example, the ansible controller runs as user ansiblectl, while remote_user is set to svc-ansible.

In this case, the following appears to happen:

Expected outcome:

  • the file /tmp/falcon-sensor/falcon-sensor-7.20.0-17306.el8.x86_64.rpm is created with permissions 640 and owned by svc-ansible. The RPM will be installed and Ansible will complete without an error.

Actual outcome (when targeting the ansible controller):

  • the file /tmp/falcon-sensor/falcon-sensor-7.20.0-17306.el8.x86_64.rpm is created with permissions 640 and owned by ansiblectl. The RPM is not readable for user svc-ansible.

The underlying problem seems to be that the RPM is downloaded with delegate: local as user ansiblectl, but used as remote_user: svc-ansible. The change of ownership is supposed to happen in the copy module, but when targeting the ansible controller, this operation is skipped.
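
A pre-flight check for the condition described in this issue, added here as an example; it is not part of the issue or of the crowdstrike.falcon collection. The play name and the `falcon_rpm_path`, `effective_user` and `rpm_stat` variables are hypothetical, and the path is the one from the error message above.

```yaml
# Added diagnostic playbook (hypothetical; not code from the collection).
# It stats the staged RPM as the connecting user and fails early, reporting
# owner and mode, instead of failing later inside the install role.
- name: Check that the staged Falcon RPM is readable by the connecting user
  hosts: all
  gather_facts: false
  vars:
    # Path copied from the PermissionError in the issue.
    falcon_rpm_path: /tmp/falcon-sensor/falcon-sensor-7.20.0-17306.el8.x86_64.rpm
  tasks:
    - name: Identify the user Ansible actually runs as on the target
      ansible.builtin.command: id -un
      register: effective_user
      changed_when: false

    - name: Stat the staged package as that user
      ansible.builtin.stat:
        path: "{{ falcon_rpm_path }}"
      register: rpm_stat

    - name: Fail with owner and mode when the package is missing or unreadable
      ansible.builtin.assert:
        that:
          # Evaluated in order; 'readable' reflects the invoking user's access.
          - rpm_stat.stat.exists
          - rpm_stat.stat.readable
        fail_msg: >-
          {{ falcon_rpm_path }} is owned by
          {{ rpm_stat.stat.pw_name | default('unknown') }} with mode
          {{ rpm_stat.stat.mode | default('n/a') }} and is not readable by
          {{ effective_user.stdout }}.
        success_msg: >-
          {{ falcon_rpm_path }} is readable by {{ effective_user.stdout }}.
```

In the scenario reported above, this would be expected to fail on the controller with owner ansiblectl, mode 0640 and user svc-ansible.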

@carlosmmatos
Contributor

@kkeane - Thanks for opening up the issue. I will look into this soon.

@carlosmmatos carlosmmatos added question Further information is requested bug labels Jan 7, 2025