Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

local_file resource should have modes, not set executable bit by default #19

Open
ghost opened this issue Nov 7, 2018 · 8 comments
Open

local_file resource should have modes, not set executable bit by default #19

ghost opened this issue Nov 7, 2018 · 8 comments

Comments

@ghost
Copy link

ghost commented Nov 7, 2018

This issue was originally opened by @kojiromike as hashicorp/terraform#14768. It was migrated here as a result of the provider split. The original body of the issue is below.

Terraform Version

0.9.5

Affected Resource(s)

  • local_file

Terraform Configuration Files

resource "local_file" "foo" {
  content = "contents"
  filename = "foo.txt"
}

My umask here is 0022

Expected Behavior

A file should have been created with mode -rw-r--r--.

Actual Behavior

A file was created with mode -rwxr-xr-x.

Humble Opinions

While I would prefer the option of providing a specific mode in tf configuration, I think Terraform should fallback to supporting the standard behavior of open, which would result in the file not being executable.
@ghost ghost mentioned this issue Nov 7, 2018
Closed
@lmayorga1980
Copy link

I think the mode should be an attribute. For instance, I use a dynamic generated private key for a set of instances but use the loca_file to put it in my local path in case I need to ssh and troubleshoot later. However in my case the .pem file generated should be with 600 mode in order to be used with the ssh -i <*.pem> <host> command.

@straubt1
Copy link

I agree, getting this issue when saving off files that need less permissive modes.

@rodrigocmn
Copy link

rodrigocmn commented Feb 20, 2019
edited

While we don't have a proper solution for that, I'm using the following workaround.

resource "local_file" "foo" {
  content = "contents"
  filename = "foo.txt"
  provisioner "local-exec" {
    command = "chmod 644 foo.txt"
}

Not the best solution, but did the trick for me! Hope it helps.

@rodrigocmn rodrigocmn mentioned this issue Feb 20, 2019
Closed
@straubt1
Copy link

@rodrigocmn Thank you for that work around, that work great for my scenario!

@max-rocket-internet max-rocket-internet mentioned this issue Mar 13, 2019
Closed
4 tasks
@edisongustavo edisongustavo mentioned this issue Mar 28, 2019
Open
@toughrogrammer
Copy link

While we don't have a proper solution for that, I'm using the following workaround.

resource "local_file" "foo" {
  content = "contents"
  filename = "foo.txt"
  provisioner "local-exec" {
    command = "chmod 644 foo.txt"
}

Not the best solution, but did the trick for me! Hope it helps.

Very nice trick!

@jukie
Copy link

jukie commented Oct 3, 2019

Looks like #5 will close this

@kojiromike kojiromike mentioned this issue Oct 4, 2019
Open
@irnc
Copy link

irnc commented Dec 6, 2019

Modes are now supported (implemented in pull request #30), use file_permission argument released in v1.4.0.

@phanclan
Copy link

This is not working for me. When I create my local file i set this parameter file_permission = "0600". However the file is still created with 755.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@irnc @toughrogrammer @lmayorga1980 @phanclan @straubt1 @jukie @rodrigocmn