Only chown on atomic move if invoked as root

Linux and BSD derivatives do not allow unprivileged users to "give away" files to others for security reasons. (System V derivatives allow that but they're rare nowadays.)

Only chown on atomic move if invoked as root
Linux and BSD derivatives do not allow unprivileged users to "give away" files to others for security reasons. (System V derivatives allow that but they're rare nowadays.)
f4053fcf · Lukas Wunner · 448c0a95 · f4053fcf
Commit f4053fcf authored Aug 14, 2014 by Lukas Wunner
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

lib/ansible/module_utils/basic.py
+1 -1

No files found.
--- a/lib/ansible/module_utils/basic.py
+++ b/lib/ansible/module_utils/basic.py
@@ -1146,7 +1146,7 @@ class AnsibleModule(object):
                    self.set_context_if_different(
                        tmp_dest.name, context, False)
                tmp_stat = os.stat(tmp_dest.name)
-                if dest_stat and (tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid):
+                if dest_stat and (tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid) and os.getuid() == 0:
                    os.chown(tmp_dest.name, dest_stat.st_uid, dest_stat.st_gid)
                os.rename(tmp_dest.name, dest)
            except (shutil.Error, OSError, IOError), e: