I'd like to define these arguments once explicitly in the scope of either a role's defaults or a host's variables per module or even a group of modules.
Luckily you can't and your request is incoherent because of the way you use the word "explicitly".
In fact you want to "define these arguments once so that they are applied implicitly".
And on the other hand, it is Ansible that requires parameter values to be specified explicitly.
Though it may seem safe to assume that omitting these arguments for ownership would result the same as the tasks are 'sudoedly' executed,
No, it is not safe to assume that omitting the arguments would set the ownership to values defined in your head.
Simplest case is where the file already exists and Ansible only changes its content. It won't implicitly fix the permissions/ownership in that case.
The best thing you can do is to specify the required parameters explicitly in tasks.
If you want to have some flexibility, use variables defined in a single place:
vars:
my_owner: root
my_group: root
my_mode: ugo=r
tasks:
- copy:
[…]
owner: "{{ my_owner }}"
group: "{{ my_group }}"
mode: "{{ my_mode }}"
Another important thing to bear in mind is that historically not all modules were behaving in the same way with regard to file permissions. Namely some modules (url
if I remember correctly) set the explicitly specified permissions only when they actually created/changed the file, while leaving the permissions unchanged otherwise.
There is no excuse for not testing the systems (using a separate flow, be it using Ansible, or a different tool).