ansible / ansible.builtin / v2.8.20 / module / acl Set and retrieve file ACL information. | "added in version" 1.4 of ansible.builtin" Authors: Brian Coca (@bcoca), Jérémie Astori (@astorije) stableinterface | supported by coreansible.builtin.acl (v2.8.20) — module
pip
Install with pip install ansible==2.8.20
Set and retrieve file ACL information.
- name: Grant user Joe read access to a file acl: path: /etc/foo.conf entity: joe etype: user permissions: r state: present
- name: Removes the ACL for Joe on a specific file acl: path: /etc/foo.conf entity: joe etype: user state: absent
- name: Sets default ACL for joe on /etc/foo.d/ acl: path: /etc/foo.d/ entity: joe etype: user permissions: rw default: yes state: present
- name: Same as previous but using entry shorthand acl: path: /etc/foo.d/ entry: default:user:joe:rw- state: present
- name: Obtain the ACL for a specific file acl: path: /etc/foo.conf register: acl_info
path: aliases: - name description: - The full path of the file or object. required: true type: path entry: description: - DEPRECATED. - The ACL to set or remove. - This must always be quoted in the form of C(<etype>:<qualifier>:<perms>). - The qualifier may be empty for some types, but the type and perms are always required. - C(-) can be used as placeholder when you do not care about permissions. - This is now superseded by entity, type and permissions fields. etype: choices: - group - mask - other - user description: - The entity type of the ACL to apply, see C(setfacl) documentation for more info. version_added: '1.5' version_added_collection: ansible.builtin state: choices: - absent - present - query default: query description: - Define whether the ACL should be present or not. - The C(query) state gets the current ACL without changing it, for use in C(register) operations. entity: description: - The actual user or group that the ACL applies to when matching entity types user or group are selected. version_added: '1.5' version_added_collection: ansible.builtin follow: default: true description: - Whether to follow symlinks on the path if a symlink is encountered. type: bool default: default: false description: - If the target is a directory, setting this to C(yes) will make it the default ACL for entities created inside the directory. - Setting C(default) to C(yes) causes an error if the path is a file. type: bool version_added: '1.5' version_added_collection: ansible.builtin recursive: default: false description: - Recursively sets the specified ACL. - Incompatible with C(state=query). type: bool version_added: '2.0' version_added_collection: ansible.builtin permissions: description: - The permissions to apply/remove can be any combination of C(r), C(w) and C(x) (read, write and execute respectively) version_added: '1.5' version_added_collection: ansible.builtin use_nfsv4_acls: default: false description: - Use NFSv4 ACLs instead of POSIX ACLs. type: bool version_added: '2.2' version_added_collection: ansible.builtin recalculate_mask: choices: - default - mask - no_mask default: default description: - Select if and when to recalculate the effective right masks of the files. - See C(setfacl) documentation for more info. - Incompatible with C(state=query). version_added: '2.7' version_added_collection: ansible.builtin
acl: description: Current ACL on provided path (after changes, if any) returned: success sample: - user::rwx - group::rwx - other::rwx type: list