ansible.builtin.acl (v2.4.6.0-1) — module

Install Ansible via pip

Install with pip install ansible==2.4.6.0.post1

Description

Sets and retrieves file ACL information.

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

# Grant user Joe read access to a file
- acl:
    path: /etc/foo.conf
    entity: joe
    etype: user
    permissions: r
    state: present

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

# Removes the acl for Joe on a specific file
- acl:
    path: /etc/foo.conf
    entity: joe
    etype: user
    state: absent

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

# Sets default acl for joe on foo.d
- acl:
    path: /etc/foo.d
    entity: joe
    etype: user
    permissions: rw
    default: yes
    state: present

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

# Same as previous but using entry shorthand
- acl:
    path: /etc/foo.d
    entry: "default:user:joe:rw-"
    state: present

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

# Obtain the acl for a specific file
- acl:
    path: /etc/foo.conf
  register: acl_info

Inputs

    
path:
    aliases:
    - name
    default: null
    description:
    - The full path of the file or object.
    required: true

entry:
    default: null
    description:
    - DEPRECATED. The acl to set or remove.  This must always be quoted in the form of
      '<etype>:<qualifier>:<perms>'.  The qualifier may be empty for some types, but the
      type and perms are always required. '-' can be used as placeholder when you do not
      care about permissions. This is now superseded by entity, type and permissions fields.
    required: false

etype:
    choices:
    - user
    - group
    - mask
    - other
    default: null
    description:
    - the entity type of the ACL to apply, see setfacl documentation for more info.
    required: false
    version_added: '1.5'
    version_added_collection: ansible.builtin

state:
    choices:
    - query
    - present
    - absent
    default: query
    description:
    - defines whether the ACL should be present or not.  The C(query) state gets the current
      acl without changing it, for use in 'register' operations.
    required: false

entity:
    description:
    - actual user or group that the ACL applies to when matching entity types user or
      group are selected.
    required: false
    version_added: '1.5'
    version_added_collection: ansible.builtin

follow:
    choices:
    - 'yes'
    - 'no'
    default: true
    description:
    - whether to follow symlinks on the path if a symlink is encountered.
    required: false

default:
    choices:
    - 'yes'
    - 'no'
    default: false
    description:
    - if the target is a directory, setting this to yes will make it the default acl for
      entities created inside the directory. It causes an error if path is a file.
    required: false
    version_added: '1.5'
    version_added_collection: ansible.builtin

recursive:
    choices:
    - 'yes'
    - 'no'
    default: false
    description:
    - Recursively sets the specified ACL (added in Ansible 2.0). Incompatible with C(state=query).
    required: false
    version_added: '2.0'
    version_added_collection: ansible.builtin

permissions:
    default: null
    description:
    - Permissions to apply/remove can be any combination of r, w and  x (read, write and
      execute respectively)
    required: false
    version_added: '1.5'
    version_added_collection: ansible.builtin

Outputs

acl:
  description: Current acl on provided path (after changes, if any)
  returned: success
  sample:
  - user::rwx
  - group::rwx
  - other::rwx
  type: list