.. _ansible.posix.acl_module: ***************** ansible.posix.acl ***************** **Set and retrieve file ACL information.** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Set and retrieve file ACL information. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
default
boolean
    Choices:
  • no ←
  • yes
If the target is a directory, setting this to true will make it the default ACL for entities created inside the directory.
Setting default to true causes an error if the path is a file.
entity
string
Default:
""
The actual user or group that the ACL applies to when matching entity types user or group are selected.
entry
string
DEPRECATED.
The ACL to set or remove.
This must always be quoted in the form of <etype>:<qualifier>:<perms>.
The qualifier may be empty for some types, but the type and perms are always required.
- can be used as placeholder when you do not care about permissions.
This is now superseded by entity, type and permissions fields.
etype
string
    Choices:
  • group
  • mask
  • other
  • user
The entity type of the ACL to apply, see setfacl documentation for more info.
follow
boolean
    Choices:
  • no
  • yes ←
Whether to follow symlinks on the path if a symlink is encountered.
path
path / required
The full path of the file or object.

aliases: name
permissions
string
The permissions to apply/remove can be any combination of r, w, x
(read, write and execute respectively), and X (execute permission if the file is a directory or already has execute permission for some user)
recalculate_mask
string
    Choices:
  • default ←
  • mask
  • no_mask
Select if and when to recalculate the effective right masks of the files.
See setfacl documentation for more info.
Incompatible with state=query.
recursive
boolean
    Choices:
  • no ←
  • yes
Recursively sets the specified ACL.
Incompatible with state=query.
Alias recurse added in version 1.3.0.

aliases: recurse
state
string
    Choices:
  • absent
  • present
  • query ←
Define whether the ACL should be present or not.
The query state gets the current ACL without changing it, for use in register operations.
use_nfsv4_acls
boolean
    Choices:
  • no ←
  • yes
Use NFSv4 ACLs instead of POSIX ACLs.

Notes ----- .. note:: - The ``acl`` module requires that ACLs are enabled on the target filesystem and that the ``setfacl`` and ``getfacl`` binaries are installed. - As of Ansible 2.0, this module only supports Linux distributions. - As of Ansible 2.3, the *name* option has been changed to *path* as default, but *name* still works as well. Examples -------- .. code-block:: yaml - name: Grant user Joe read access to a file ansible.posix.acl: path: /etc/foo.conf entity: joe etype: user permissions: r state: present - name: Removes the ACL for Joe on a specific file ansible.posix.acl: path: /etc/foo.conf entity: joe etype: user state: absent - name: Sets default ACL for joe on /etc/foo.d/ ansible.posix.acl: path: /etc/foo.d/ entity: joe etype: user permissions: rw default: true state: present - name: Same as previous but using entry shorthand ansible.posix.acl: path: /etc/foo.d/ entry: default:user:joe:rw- state: present - name: Obtain the ACL for a specific file ansible.posix.acl: path: /etc/foo.conf register: acl_info Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
acl
list
success
Current ACL on provided path (after changes, if any)

Sample:
['user::rwx', 'group::rwx', 'other::rwx']


Status ------ Authors ~~~~~~~ - Brian Coca (@bcoca) - Jérémie Astori (@astorije)