Comment 0 for bug 1807703

Among our build logs there are lots of messages like below:

[WARNING] Ansible is in a world writable directory (/home/zuul/src/git.openstack.org/openstack/tripleo-quickstart), ignoring it as an ansible.cfg source.
2018-12-10 11:58:22.137763 | primary |

This kind of message sould not be treated just as a warning because it has serious implications because Ansible will skip loading the ansible.cfg for this reason, meaning that our code will not use it, allowing introduction of invalid changes to the file.

This error by itself undelines a likely bad configuration for default CI user permission which allow other users to edit files created by the zuul user, something that should never be true.

It may be possible that someone added a 777 to the folder by mistake but I suspect this may be at user level.

Does zuul have an incorrect umask?

https://logs.rdoproject.org/02/623202/4/openstack-check/tripleo-ci-centos-7-ovb-3ctlr_1comp-featureset053/4ce25ea/job-output.txt.gz#_2018-12-10_11_58_19_996877

http://logstash.openstack.org/#dashboard/file/logstash.json?query=message%3A%5C%22%5BWARNING%5D%20Ansible%20is%20in%20a%20world%20writable%20directory%5C%22