Hi Chad, I think you are on the right track. If you can read the file into memory, you should be able to grep to confirm if the entry exists in file or not before actually making the change.
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html#conditions-based-on-registered-variables > On Nov 13, 2023, at 12:45 PM, Schrock, Chad - 0336 - MITLL > <chad.schr...@ll.mit.edu> wrote: > > > Hi everyone, > > I am really having a very Monday Monday today and am just having a fit with > my regex. I’m working on implementing part of the DISA STIG for RHEL 9 and > need to edit /etc/bashrc, specifically: > > # Set default umask for non-login shell only if it is set to 0 > [ `umask` -eq 0 ] && umask 022 > > I need to change that “umask 022” to “umask 077” and I’ve gotten as far as > this: > > - name: RHEL-09-412055 | RHEL 9 must define default permissions for the bash > shell > ansible.builtin.lineinfile: > path: /etc/bashrc > regexp: \sumask\s\d{3} > line: "[ `umask` -eq 0 ] && umask 077" > > > But then realized that the regexp and replacement isn’t idempotent and since > then my brain has just decided to go on a little vacation by itself. > > I was thinking about some sort of capture group and then something saying “if > <capture group> != ‘077’,” but I think I completely lost the plot at that > point. > > Thank you for any help on this Mondayest of Mondays. > > > > -- > Chad Schrock, he/him > Supporting MIT Lincoln Laboratory, Lexington, MA > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsubscr...@googlegroups.com > <mailto:ansible-project+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/PH1P110MB14443DB4A6FBB2E6DD135DA8B3B3A%40PH1P110MB1444.NAMP110.PROD.OUTLOOK.COM > > <https://groups.google.com/d/msgid/ansible-project/PH1P110MB14443DB4A6FBB2E6DD135DA8B3B3A%40PH1P110MB1444.NAMP110.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/BFFD37BC-20E6-4186-90E5-D1BC9930E3ED%40gmail.com.
