Terraform-provider-local: local_file resource should have modes, not set executable bit by default

Created on 7 Nov 2018  ·  8Comments  ·  Source: hashicorp/terraform-provider-local

_This issue was originally opened by @kojiromike as hashicorp/terraform#14768. It was migrated here as a result of the provider split. The original body of the issue is below._

Terraform Version

0.9.5

Affected Resource(s)

  • local_file

Terraform Configuration Files

resource "local_file" "foo" {
  content = "contents"
  filename = "foo.txt"
}

My umask here is 0022

Expected Behavior

A file should have been created with mode -rw-r--r--.

Actual Behavior

A file was created with mode -rwxr-xr-x.

Humble Opinions

While I would prefer the option of providing a specific mode in tf configuration, I think Terraform should fallback to supporting the standard behavior of open, which would result in the file not being executable.

picture ghost
👍12

Most helpful comment

While we don't have a proper solution for that, I'm using the following workaround.

resource "local_file" "foo" {
  content = "contents"
  filename = "foo.txt"
  provisioner "local-exec" {
    command = "chmod 644 foo.txt"
}

Not the best solution, but did the trick for me! Hope it helps.

picture rodrigocmn on 20 Feb 2019
👍8

All 8 comments

I think the mode should be an attribute. For instance, I use a dynamic generated private key for a set of instances but use the loca_file to put it in my local path in case I need to ssh and troubleshoot later. However in my case the .pem file generated should be with 600 mode in order to be used with the ssh -i <*.pem> <host> command.

lmayorga1980 picture lmayorga1980 on 10 Jan 2019
👍4

I agree, getting this issue when saving off files that need less permissive modes.

straubt1 picture straubt1 on 11 Feb 2019

While we don't have a proper solution for that, I'm using the following workaround.

resource "local_file" "foo" {
  content = "contents"
  filename = "foo.txt"
  provisioner "local-exec" {
    command = "chmod 644 foo.txt"
}

Not the best solution, but did the trick for me! Hope it helps.

rodrigocmn picture rodrigocmn on 20 Feb 2019
👍8

@rodrigocmn Thank you for that work around, that work great for my scenario!

straubt1 picture straubt1 on 20 Feb 2019

While we don't have a proper solution for that, I'm using the following workaround.

resource "local_file" "foo" {
  content = "contents"
  filename = "foo.txt"
  provisioner "local-exec" {
    command = "chmod 644 foo.txt"
}

Not the best solution, but did the trick for me! Hope it helps.

Very nice trick!

toughrogrammer picture toughrogrammer on 27 Apr 2019

Looks like https://github.com/terraform-providers/terraform-provider-local/pull/5 will close this

Jukie picture Jukie on 3 Oct 2019

Modes are now supported (implemented in pull request #30), use file_permission argument released in v1.4.0.

irnc picture irnc on 6 Dec 2019

This is not working for me. When I create my local file i set this parameter file_permission = "0600". However the file is still created with 755.

phanclan picture phanclan on 22 Sep 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hashibot picture hashibot  ·  8Comments
ghost picture ghost  ·  24Comments
brett-richardson picture brett-richardson  ·  4Comments
ghost picture ghost  ·  14Comments
mastrolinux picture mastrolinux  ·  3Comments