ansible.posix.acl – Set and retrieve file ACL information.
ansible.posix.acl – Set and retrieve file ACL information.
Note
This plugin is part of the ansible.posix collection (version 1.1.1).
To install it use: ansible-galaxy collection install ansible.posix
.
To use it in a playbook, specify: ansible.posix.acl
.
New in version 1.0.0: of ansible.posix
Synopsis
- Set and retrieve file ACL information.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
default boolean |
|
If the target is a directory, setting this to Setting |
entity string |
The actual user or group that the ACL applies to when matching entity types user or group are selected. | |
entry string |
DEPRECATED. The ACL to set or remove. This must always be quoted in the form of The qualifier may be empty for some types, but the type and perms are always required.
This is now superseded by entity, type and permissions fields. | |
etype string |
|
The entity type of the ACL to apply, see |
follow boolean |
|
Whether to follow symlinks on the path if a symlink is encountered. |
path path / required |
The full path of the file or object.
| |
permissions string |
The permissions to apply/remove can be any combination of | |
recalculate_mask string |
|
Select if and when to recalculate the effective right masks of the files. See Incompatible with |
recursive boolean |
|
Recursively sets the specified ACL. Incompatible with |
state string |
|
Define whether the ACL should be present or not. The |
use_nfsv4_acls boolean |
|
Use NFSv4 ACLs instead of POSIX ACLs. |
Notes
Note
- The
acl
module requires that ACLs are enabled on the target filesystem and that thesetfacl
andgetfacl
binaries are installed. - As of Ansible 2.0, this module only supports Linux distributions.
- As of Ansible 2.3, the name option has been changed to path as default, but name still works as well.
Examples
- name: Grant user Joe read access to a file
ansible.posix.acl:
path: /etc/foo.conf
entity: joe
etype: user
permissions: r
state: present
- name: Removes the ACL for Joe on a specific file
ansible.posix.acl:
path: /etc/foo.conf
entity: joe
etype: user
state: absent
- name: Sets default ACL for joe on /etc/foo.d/
ansible.posix.acl:
path: /etc/foo.d/
entity: joe
etype: user
permissions: rw
default: yes
state: present
- name: Same as previous but using entry shorthand
ansible.posix.acl:
path: /etc/foo.d/
entry: default:user:joe:rw-
state: present
- name: Obtain the ACL for a specific file
ansible.posix.acl:
path: /etc/foo.conf
register: acl_info
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
acl list / elements=string |
success |
Current ACL on provided path (after changes, if any)
Sample: ['user::rwx', 'group::rwx', 'other::rwx'] |
Authors
- Brian Coca (@bcoca)
- Jérémie Astori (@astorije)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ansible/posix/acl_module.html