ansible.posix.acl module – Set and retrieve file ACL information.
Note
This module is part of the ansible.posix collection (version 1.6.2).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.posix
.
To use it in a playbook, specify: ansible.posix.acl
.
New in ansible.posix 1.0.0
Synopsis
Set and retrieve file ACL information.
Parameters
Parameter |
Comments |
---|---|
If Setting Choices:
|
|
The actual user or group that the ACL applies to when matching entity types user or group are selected. Default: |
|
DEPRECATED. The ACL to set or remove. This must always be quoted in the form of The qualifier may be empty for some types, but the type and perms are always required.
This is now superseded by entity, type and permissions fields. |
|
The entity type of the ACL to apply, see Choices:
|
|
Whether to follow symlinks on the path if a symlink is encountered. Choices:
|
|
The full path of the file or object. |
|
The permissions to apply/remove can be any combination of |
|
Select if and when to recalculate the effective right masks of the files. See Incompatible with Choices:
|
|
Recursively sets the specified ACL. Incompatible with Alias Choices:
|
|
Define whether the ACL should be present or not. The Choices:
|
|
Use NFSv4 ACLs instead of POSIX ACLs. This feature uses Permission is set as optimised ACLs by the system. You can check the actual ACLs that has been set using the return value. More info Choices:
|
Notes
Note
The ansible.posix.acl module requires that ACLs are enabled on the target filesystem and that the
setfacl
andgetfacl
binaries are installed.As of Ansible 2.0, this module only supports Linux distributions.
As of Ansible 2.3, the
name
option has been changed topath
as default, butname
still works as well.
Examples
- name: Grant user Joe read access to a file
ansible.posix.acl:
path: /etc/foo.conf
entity: joe
etype: user
permissions: r
state: present
- name: Removes the ACL for Joe on a specific file
ansible.posix.acl:
path: /etc/foo.conf
entity: joe
etype: user
state: absent
- name: Sets default ACL for joe on /etc/foo.d/
ansible.posix.acl:
path: /etc/foo.d/
entity: joe
etype: user
permissions: rw
default: true
state: present
- name: Same as previous but using entry shorthand
ansible.posix.acl:
path: /etc/foo.d/
entry: default:user:joe:rw-
state: present
- name: Obtain the ACL for a specific file
ansible.posix.acl:
path: /etc/foo.conf
register: acl_info
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Current ACL on provided path (after changes, if any) Returned: success Sample: |