From 826fb015570ac7f26f350bfff00f49afd4ab67b8 Mon Sep 17 00:00:00 2001
From: Stonewall Jackson <stonewall@sacredheartsc.com>
Date: Sun, 5 Feb 2023 00:09:09 -0500
Subject: fix permissions error in archive-freeipa script

The mv command attempts to preserve the original file's permissions,
which thwarts the default ACL we have in place for the archive spool
directory.

Switch to a more convoluted cp/chmod.
---
 playbooks/freeipa.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'playbooks/freeipa.yml')

diff --git a/playbooks/freeipa.yml b/playbooks/freeipa.yml
index b8ecc85..ede053b 100644
--- a/playbooks/freeipa.yml
+++ b/playbooks/freeipa.yml
@@ -12,8 +12,11 @@
       archive_on_calendar: 'Sat *-*-* 02:00:00'
       archive_shell: >-
         ipa-backup &&
-        mv -v /var/lib/ipa/backup/* . &&
+        find {{ freeipa_backup_dir | quote }} -mindepth 1 -maxdepth 1 -type d
+        -exec cp --preserve=timestamps -vr {} . \;
+        -exec rm -vrf {} \; &&
         find . -mindepth 1 -type d -exec chmod -v 770 {} +
+
       tags: archive
 
 - name: configure freeipa replicas
-- 
cgit