From c204b7651a5fcd5a109d78ba5dc1eabf977f3bc0 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Sat, 2 Feb 2019 10:36:40 +0100
Subject: [PATCH] ansible-inventories/arocom#2785 Enhance setfacl to also apply
 settings to existing files and directories

---
 tasks/install.yml           | 9 ++++++++-
 tasks/users/gitcomposer.yml | 5 ++++-
 tasks/users/gitscript.yml   | 5 ++++-
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/tasks/install.yml b/tasks/install.yml
index a0029da..da78cc6 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -247,13 +247,20 @@
   tags: 'cron'
   when: item.0.install|default(true)
 
-- name: "Set Extended Permissions"
+- name: "Set Extended Default Permissions"
   command: setfacl -dRm u:{{ apacheUser }}:rwX,g:{{ apacheUser }}:rwX,o::rX {{ webRoot }}/files
   tags:
     - 'deploy'
     - 'SetPermissions'
   when: drupal.install_extra_dirs|default(true)
 
+- name: "Set Extended Permissions"
+  command: setfacl -Rm u:{{ apacheUser }}:rwX,g:{{ apacheUser }}:rwX,o::rX {{ webRoot }}/files
+  tags:
+    - 'deploy'
+    - 'SetPermissions'
+  when: drupal.install_extra_dirs|default(true)
+
 - name: "Make htaccess read-only"
   file:
     path='{{ webRoot }}/files/{{ drupal_domain.0.shortname|default("default") }}/{{ drupal_domain.1 }}/.htaccess'
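Review bot: The added recursive `setfacl -Rm` task gives `{{ apacheUser }}` a named `rw` entry on every existing file under `{{ webRoot }}/files`, including the `.htaccess` that the very next task is meant to make read-only. Whether the web server can still write that file now depends on the later task narrowing the ACL mask; a mode change would do that, but the task's arguments continue outside this hunk. Each run also reopens write access between the two tasks. I would record the ordering dependency on the new task, e.g. `# must stay before "Make htaccess read-only": -Rm re-grants {{ apacheUser }} rw on .htaccess`, and confirm with `getfacl` that the effective rights on `.htaccess` are `r--` after a full run.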
diff --git a/tasks/users/gitcomposer.yml b/tasks/users/gitcomposer.yml
index 41bc50e..38c0ff7 100644
--- a/tasks/users/gitcomposer.yml
+++ b/tasks/users/gitcomposer.yml
@@ -22,9 +22,12 @@
       recurse=yes
       follow=no
 
-  - name: "Extended File Modes and Ownership for Repository"
+  - name: "Extended Default File Modes and Ownership for Repository"
     command: setfacl -dRm u:root:rwX,g:{{ drupal.src.name }}:rwX,o::rX {{ webRoot }}
 
+  - name: "Extended File Modes and Ownership for Repository"
+    command: setfacl -Rm u:root:rwX,g:{{ drupal.src.name }}:rwX,o::rX {{ webRoot }}
+
   tags:
     - 'SetPermissions'
     - 'cron'
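Review bot: `o::rX` in the added `setfacl -Rm` line rewrites the `other` entry on every existing file under `{{ webRoot }}`, so any file deliberately kept from world-read becomes readable by all local users. A settings file holding credentials would be one example, if one lives in this tree, which is not visible here. The recalculated mask also makes the named-group `rw` entry effective on those files. The default-ACL task only shaped newly created files, so this reaches further than the task name suggests. Consider leaving `o::` out of the pass over existing files, `command: setfacl -Rm u:root:rwX,g:{{ drupal.src.name }}:rwX {{ webRoot }}`, or re-tightening the sensitive paths in a task that runs after it. The same applies to the identical addition in tasks/users/gitscript.yml; the enclosing block starts above this hunk.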
diff --git a/tasks/users/gitscript.yml b/tasks/users/gitscript.yml
index 7b9afdc..a112590 100644
--- a/tasks/users/gitscript.yml
+++ b/tasks/users/gitscript.yml
@@ -22,9 +22,12 @@
       recurse=yes
       follow=no
 
-  - name: "Extended File Modes and Ownership for Repository"
+  - name: "Extended Default File Modes and Ownership for Repository"
     command: setfacl -dRm u:root:rwX,g:{{ drupal.src.name }}:rwX,o::rX {{ webRoot }}{{ drupal.src.git.target }}
 
+  - name: "Extended File Modes and Ownership for Repository"
+    command: setfacl -Rm u:root:rwX,g:{{ drupal.src.name }}:rwX,o::rX {{ webRoot }}{{ drupal.src.git.target }}
+
   - include_tasks: gitscript_cron.yml
     when: drupal.src.cron is defined
 
-- 
GitLab