From fba4316e09e67eada1d13a456c5c0085cb6a8327 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Fri, 13 Jan 2017 10:22:01 +0100
Subject: [PATCH] Document the format for Unix permissions

---
 CONVENTIONS.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/CONVENTIONS.md b/CONVENTIONS.md
index a9709e8..cb8f0e8 100644
--- a/CONVENTIONS.md
+++ b/CONVENTIONS.md
@@ -187,3 +187,18 @@ The source file or template shouldn't to be prefixed for ordering (eg. `z-` or `
 When making a role or a task the necessary packages must be installed explicitly.
 
 For example for the "mysql" role we obviously need the MySQL packages, but we also need the "apg" package to generate new passwords. This package is installed by "evolinux-base" but the "mysql" role can be executed on a fresh server.
+
+## Caveats
+
+### Unix permissions must be written as String values
+
+Many modules have a `mode` attribute to specify the permissions on the files or directories. We can use the symbolic notation (`u+rwx` or `u=rw,g=r,o=r`) or the octal notation (`755`).
+
+It is not clearly documented but when using the octal notation, we **MUST** use a String format, and not a Numeric format (or whatever Python types). Examples :
+
+* `mode: 755` → Bad!
+* `mode: 1777` → Bad!
+* `mode: "755"` → Good
+* `mode: "1777"` → Good
+
+This is most probably due to the way Python deals with numeric values and cotal vs. decimal based integers. The String type guarantees that the proper value is used.