file – Manage files and file properties

Synopsis

  • Set attributes of files, symlinks or directories.
  • Alternatively, remove files, symlinks or directories.
  • Many other modules support the same options as the file module - including copy, template, and assemble.
  • For Windows targets, use the win_file module instead.

Parameters

Parameter Choices/Defaults Comments
access_time
string
added in 2.7
This parameter indicates the time the file's access time should be set to.
Should be preserve when no modification is required, YYYYMMDDHHMM.SS when using default time format, or now.
Default is None meaning that preserve is the default for state=[file,directory,link,hard] and now is default for state=touch.
access_time_format
string
added in 2.7
Default:
"%Y%m%d%H%M.%S"
When used with access_time, indicates the time format that must be used.
Based on default Python format (see time.strftime doc).
attributes
string
The attributes the resulting file or directory should have.
To get supported flags look at the man page for chattr on the target system.
This string should contain the attributes in the same order as the one displayed by lsattr.
The = operator is assumed as default, otherwise + or - operators need to be included in the string.

aliases: attr
follow
boolean
    Choices:
  • no
  • yes ←
This flag indicates that filesystem links, if they exist, should be followed.
Previous to Ansible 2.5, this was no by default.
force
boolean
    Choices:
  • no ←
  • yes
Force the creation of the symlinks in two cases: the source file does not exist (but will appear later); the destination exists and is a file (so, we need to unlink the path file and create symlink to the src file in place of it).
group
string
Name of the group that should own the file/directory, as would be fed to chown.
mode
string
The permissions the resulting file or directory should have.
For those used to /usr/bin/chmod remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like 0644 or 01777) or quote it (like '644' or '1777') so Ansible receives a string and can do its own conversion from string into number.
Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results.
As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, u+rwx or u=rw,g=r,o=r).
As of Ansible 2.6, the mode may also be the special string preserve.
When set to preserve the file will be given the same permissions as the source file.
modification_time
string
added in 2.7
This parameter indicates the time the file's modification time should be set to.
Should be preserve when no modification is required, YYYYMMDDHHMM.SS when using default time format, or now.
Default is None meaning that preserve is the default for state=[file,directory,link,hard] and now is default for state=touch.
modification_time_format
string
added in 2.7
Default:
"%Y%m%d%H%M.%S"
When used with modification_time, indicates the time format that must be used.
Based on default Python format (see time.strftime doc).
owner
string
Name of the user that should own the file/directory, as would be fed to chown.
path
path / required
Path to the file being managed.

aliases: dest, name
recurse
boolean
    Choices:
  • no ←
  • yes
Recursively set the specified file attributes on directory contents.
This applies only when state is set to directory.
selevel
string
Default:
"s0"
The level part of the SELinux file context.
This is the MLS/MCS attribute, sometimes known as the range.
When set to _default, it will use the level portion of the policy if available.
serole
string
The role part of the SELinux file context.
When set to _default, it will use the role portion of the policy if available.
setype
string
The type part of the SELinux file context.
When set to _default, it will use the type portion of the policy if available.
seuser
string
The user part of the SELinux file context.
By default it uses the system policy, where applicable.
When set to _default, it will use the user portion of the policy if available.
src
path
Path of the file to link to.
This applies only to state=link and state=hard.
For state=link, this will also accept a non-existing path.
Relative paths are relative to the file being created (path) which is how the Unix command ln -s SRC DEST treats relative paths.
state
string
    Choices:
  • absent
  • directory
  • file ←
  • hard
  • link
  • touch
If absent, directories will be recursively deleted, and files or symlinks will be unlinked. In the case of a directory, if diff is declared, you will see the files and folders deleted listed under path_contents. Note that absent will not cause file to fail if the path does not exist as the state did not change.
If directory, all intermediate subdirectories will be created if they do not exist. Since Ansible 1.7 they will be created with the supplied permissions.
If file, without any other options this works mostly as a 'stat' and will return the current state of path. Even with other options (i.e mode), the file will be modified but will NOT be created if it does not exist; see the touch value or the copy or template module if you want that behavior.
If hard, the hard link will be created or changed.
If link, the symbolic link will be created or changed.
If touch (new in 1.4), an empty file will be created if the path does not exist, while an existing file or directory will receive updated file access and modification times (similar to the way touch works from the command line).
unsafe_writes
boolean
    Choices:
  • no ←
  • yes
Influence when to use atomic operation to prevent data corruption or inconsistent reads from the target file.
By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target files, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted files, which cannot be updated atomically from inside the container and can only be written in an unsafe manner.
This option allows Ansible to fall back to unsafe methods of updating files when atomic operations fail (however, it doesn't force Ansible to perform unsafe writes).
IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.

See Also

See also

assemble – Assemble configuration files from fragments
The official documentation on the assemble module.
copy – Copy files to remote locations
The official documentation on the copy module.
stat – Retrieve file or file system status
The official documentation on the stat module.
template – Template a file out to a remote server
The official documentation on the template module.
win_file – Creates, touches or removes files or directories
The official documentation on the win_file module.

Examples

- name: Change file ownership, group and permissions
  file:
    path: /etc/foo.conf
    owner: foo
    group: foo
    mode: '0644'

- name: Give insecure permissions to an existing file
  file:
    path: /work
    owner: root
    group: root
    mode: '1777'

- name: Create a symbolic link
  file:
    src: /file/to/link/to
    dest: /path/to/symlink
    owner: foo
    group: foo
    state: link

- name: Create two hard links
  file:
    src: '/tmp/{{ item.src }}'
    dest: '{{ item.dest }}'
    state: hard
  loop:
    - { src: x, dest: y }
    - { src: z, dest: k }

- name: Touch a file, using symbolic modes to set the permissions (equivalent to 0644)
  file:
    path: /etc/foo.conf
    state: touch
    mode: u=rw,g=r,o=r

- name: Touch the same file, but add/remove some permissions
  file:
    path: /etc/foo.conf
    state: touch
    mode: u+rw,g-wx,o-rwx

- name: Touch again the same file, but dont change times this makes the task idempotent
  file:
    path: /etc/foo.conf
    state: touch
    mode: u+rw,g-wx,o-rwx
    modification_time: preserve
    access_time: preserve

- name: Create a directory if it does not exist
  file:
    path: /etc/some_directory
    state: directory
    mode: '0755'

- name: Update modification and access time of given file
  file:
    path: /etc/some_file
    state: file
    modification_time: now
    access_time: now

- name: Set access time based on seconds from epoch value
  file:
    path: /etc/another_file
    state: file
    access_time: '{{ "%Y%m%d%H%M.%S" | strftime(stat_var.stat.atime) }}'

- name: Recursively change ownership of a directory
  file:
    path: /etc/foo
    state: directory
    recurse: yes
    owner: foo
    group: foo

- name: Remove file (delete file)
  file:
    path: /etc/foo.txt
    state: absent

- name: Recursively remove directory
  file:
    path: /etc/foo
    state: absent

Status

Red Hat Support

More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.

Authors

  • Ansible Core Team
  • Michael DeHaan

Hint

If you notice any issues in this documentation, you can edit this document to improve it.