copr-be: cleanup after today's debugging

roles/copr/backend/tasks/resalloc.yml

@@ -128,11 +128,7 @@
     path: "/var/lib/resallocserver/resalloc_provision/"
     owner: resalloc
     group: resalloc
-    # The mode 'u=rwX,g=,o=' achieves the required complex permissions:
-    # - u=rw: Base 600 permissions for owner.
-    # - X: Adds executable bit only if path is a directory (700) or was already executable (700).
-    # - g=,o=: Explicitly removes permissions from group and others (resulting in D700/F600).
-    mode: 'g=,o='
+    mode: 'g-rwx,o-rwx'
     state: directory
     recurse: yes
   tags:

roles/copr/backend/tasks/setup_provisioning_environment.yml

@@ -18,8 +18,6 @@
       - "--no-perms"
   tags:
   - provision_config
-  - provision_config_sync
-  - provision_config_sync_1
 
 - name: "Sync copr provisioning files [remove mock config leftovers]"
   ansible.posix.synchronize:
@@ -31,28 +29,17 @@
       - "--no-perms"
   tags:
   - provision_config
-  - provision_config_sync
-  - provision_config_sync_2
 
 - name: "fix perms for copr provisioning files ({{ provision_directory }})"
   ansible.builtin.file:
     path: "{{ provision_directory }}/"
     owner: "{{ provision_user }}"
     group: "{{ provision_user }}"
-    # The mode 'u=rwX,g=,o=' achieves the required complex permissions:
-    # - u=rw: Base 600 permissions for owner.
-    # - X: Adds executable bit only if path is a directory (700) or was already executable (700).
-    # - g=,o=: Explicitly removes permissions from group and others (resulting in D700/F600).
     mode: 'g-rwx,o-rwx'
     state: directory
     recurse: yes
-    follow: false
   tags:
     - provision_config
-    - provision_config_sync
-    - provision_config_sync_1
-    - provision_config_sync_2
-    - provision_config_sync_just_fix_perms
 
 - name: Resalloc, generate vars.yml file
   ansible.builtin.template: