ansible / ansible.builtin / v2.4.6.0-1 / module / acl Sets and retrieves file ACL information. | "added in version" 1.4 of ansible.builtin" Authors: Brian Coca (@bcoca), Jérémie Astori (@astorije) stableinterface | supported by coreansible.builtin.acl (v2.4.6.0-1) — module
pip
Install with pip install ansible==2.4.6.0.post1
Sets and retrieves file ACL information.
# Grant user Joe read access to a file - acl: path: /etc/foo.conf entity: joe etype: user permissions: r state: present
# Removes the acl for Joe on a specific file - acl: path: /etc/foo.conf entity: joe etype: user state: absent
# Sets default acl for joe on foo.d - acl: path: /etc/foo.d entity: joe etype: user permissions: rw default: yes state: present
# Same as previous but using entry shorthand - acl: path: /etc/foo.d entry: "default:user:joe:rw-" state: present
# Obtain the acl for a specific file - acl: path: /etc/foo.conf register: acl_info
path: aliases: - name default: null description: - The full path of the file or object. required: true entry: default: null description: - DEPRECATED. The acl to set or remove. This must always be quoted in the form of '<etype>:<qualifier>:<perms>'. The qualifier may be empty for some types, but the type and perms are always required. '-' can be used as placeholder when you do not care about permissions. This is now superseded by entity, type and permissions fields. required: false etype: choices: - user - group - mask - other default: null description: - the entity type of the ACL to apply, see setfacl documentation for more info. required: false version_added: '1.5' version_added_collection: ansible.builtin state: choices: - query - present - absent default: query description: - defines whether the ACL should be present or not. The C(query) state gets the current acl without changing it, for use in 'register' operations. required: false entity: description: - actual user or group that the ACL applies to when matching entity types user or group are selected. required: false version_added: '1.5' version_added_collection: ansible.builtin follow: choices: - 'yes' - 'no' default: true description: - whether to follow symlinks on the path if a symlink is encountered. required: false default: choices: - 'yes' - 'no' default: false description: - if the target is a directory, setting this to yes will make it the default acl for entities created inside the directory. It causes an error if path is a file. required: false version_added: '1.5' version_added_collection: ansible.builtin recursive: choices: - 'yes' - 'no' default: false description: - Recursively sets the specified ACL (added in Ansible 2.0). Incompatible with C(state=query). required: false version_added: '2.0' version_added_collection: ansible.builtin permissions: default: null description: - Permissions to apply/remove can be any combination of r, w and x (read, write and execute respectively) required: false version_added: '1.5' version_added_collection: ansible.builtin
acl: description: Current acl on provided path (after changes, if any) returned: success sample: - user::rwx - group::rwx - other::rwx type: list