From 1781a2cf019ce46dad5642fe912840949864ed2e Mon Sep 17 00:00:00 2001 From: Oliver Davies Date: Fri, 4 Sep 2020 20:19:00 +0100 Subject: [PATCH] Add Ansible role to fix Drupal file permissions Add a new `drupal-permissions` Ansible role that resets the file and directory permissions to match the ones described in https://www.drupal.org/node/244924. This will later be released to Ansible Galaxy, but for now it will remain in this repository until the required changes are made and the appropriate documentation is added. Fixes #191 --- .gitignore | 2 +- tools/ansible/deploy/after-symlink-shared.yml | 10 ------- tools/ansible/deploy/after-update-code.yml | 4 +++ .../roles/drupal-permissions/tasks/main.yml | 29 +++++++++++++++++++ tools/ansible/vars/deploy_vars.yml | 11 ++++++- 5 files changed, 44 insertions(+), 12 deletions(-) delete mode 100644 tools/ansible/deploy/after-symlink-shared.yml create mode 100644 tools/ansible/roles/drupal-permissions/tasks/main.yml diff --git a/.gitignore b/.gitignore index 02760d9..3c86de6 100644 --- a/.gitignore +++ b/.gitignore @@ -12,7 +12,7 @@ !/phpunit.xml.dist !/scripts/ !/slides/ -!/tools/ +!/tools/** !/web/modules/custom/** !/web/sites/default/environments/settings.*.php !/web/sites/default/settings.php diff --git a/tools/ansible/deploy/after-symlink-shared.yml b/tools/ansible/deploy/after-symlink-shared.yml deleted file mode 100644 index b131981..0000000 --- a/tools/ansible/deploy/after-symlink-shared.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Setup directory permissions for files directories - become: true - file: - path: '{{ ansistrano_shared_path }}/{{ project_web_dir }}/sites/default/files' - state: directory - owner: www-data - group: root - mode: u=rwx,g=rw,o= - recurse: true diff --git a/tools/ansible/deploy/after-update-code.yml b/tools/ansible/deploy/after-update-code.yml index 01ecc09..f960a37 100644 --- a/tools/ansible/deploy/after-update-code.yml +++ b/tools/ansible/deploy/after-update-code.yml 
@@ -9,6 +9,10 @@ include_role: name: opdavies.drupal_settings_files +- name: Fix file permissions + include_role: + name: drupal-permissions + - name: Clear Drush cache command: > {{ release_drush_path }} diff --git a/tools/ansible/roles/drupal-permissions/tasks/main.yml b/tools/ansible/roles/drupal-permissions/tasks/main.yml new file mode 100644 index 0000000..021a8f5 --- /dev/null +++ b/tools/ansible/roles/drupal-permissions/tasks/main.yml @@ -0,0 +1,29 @@ +--- +- name: Set the permissions for each Drupal root directory. + file: + group: www-data + mode: ug=rX,o= + owner: "{{ drupal_permissions.user }}" + path: "{{ item.root }}" + recurse: true + state: directory + with_items: "{{ drupal_permissions.sites }}" + +- name: Set permissions for the defined settings files. + file: + mode: a-X + path: "{{ item.0.root }}/{{ item.1 }}" + state: file + with_subelements: + - "{{ drupal_permissions.sites }}" + - settings_files + +- name: Set permissions for the defined files directories. + file: + mode: ug=rwX,o= + path: "{{ item.0.root }}/{{ item.1 }}" + recurse: true + state: directory + with_subelements: + - "{{ drupal_permissions.sites }}" + - files_directories diff --git a/tools/ansible/vars/deploy_vars.yml b/tools/ansible/vars/deploy_vars.yml index dc900c2..e31ac9d 100644 --- a/tools/ansible/vars/deploy_vars.yml +++ b/tools/ansible/vars/deploy_vars.yml @@ -9,7 +9,6 @@ ansistrano_shared_paths: - '{{ project_web_dir }}/sites/default/files' # Hooks -ansistrano_after_symlink_shared_tasks_file: '{{ playbook_dir }}/deploy/after-symlink-shared.yml' ansistrano_after_update_code_tasks_file: '{{ playbook_dir }}/deploy/after-update-code.yml' ansistrano_before_symlink_tasks_file: '{{ playbook_dir }}/deploy/before-symlink.yml' 
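Review bot: Including `drupal-permissions` from the after-update-code hook appears to leave the shared upload directory uncovered. The task this commit deletes ran after symlink-shared against `{{ ansistrano_shared_path }}/{{ project_web_dir }}/sites/default/files`, while the role is only given paths under `release_web_path`. Assuming Ansistrano links shared paths after this hook, as its default task order does, the `files_directories` task adjusts a release-local `sites/default/files` that is then replaced by the symlink, so the owner and mode of the real files directory stay as they were. I would keep a tasks file wired to `ansistrano_after_symlink_shared_tasks_file` that includes the role, with a `sites` entry whose `root` is `{{ ansistrano_shared_path }}/{{ project_web_dir }}`. The neighbouring tasks in this file start and end outside the hunk.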
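Review bot: In the new `tasks/main.yml`, the settings-file task's `mode: a-X` only clears execute bits, so the read and write bits on `settings.php` come entirely from the recursive `ug=rX,o=` task before it. Stating the target explicitly, `mode: ug=r,o=`, keeps the task correct if it is reordered or run on its own. None of the three tasks sets `become: true`, which the removed after-symlink-shared task did; unless the play escalates elsewhere, changing the owner to `drupal_permissions.user` will fail for an unprivileged deploy user. `state: file` also fails when a listed path is absent, so every entry in `settings_files` (including `sites/default/settings.local.php`) has to exist on each host before this role runs.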
@@ -21,6 +20,16 @@ release_drush_path: '{{ ansistrano_release_path.stdout }}/vendor/bin/drush' release_web_path: '{{ ansistrano_release_path.stdout }}/{{ project_web_dir }}' release_theme_path: '{{ release_web_path }}/themes/custom/opdavies' +drupal_permissions: + sites: + - root: "{{ release_web_path }}" + files_directories: + - sites/default/files + settings_files: + - sites/default/settings.php + - sites/default/settings.local.php + user: root + drupal_settings: - drupal_root: '{{ release_web_path }}' sites:
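Review bot: The new `drupal_permissions` block carries no comment explaining why `user` is `root`, although the role applies it as owner of the whole docroot and gives the web server access through the `www-data` group only. A line such as `# Code owner must not be the web server account; www-data gets access via group only.` above `user: root` would stop a later edit from pointing it at the web server user, which would let that process change modes on its own code. The block also uses double quotes for `"{{ release_web_path }}"` where the rest of the file uses single quotes. The `drupal_settings` list that follows continues outside the hunk.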