ansible.builtin.acl (v2.9.27) — module

Set and retrieve file ACL information.

Added in version 1.4 of ansible.builtin

Authors: Brian Coca (@bcoca), Jérémie Astori (@astorije)

stableinterface | supported by core

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

Set and retrieve file ACL information.

Usage examples

- name: Grant user Joe read access to a file
  acl:
    path: /etc/foo.conf
    entity: joe
    etype: user
    permissions: r
    state: present
- name: Removes the ACL for Joe on a specific file
  acl:
    path: /etc/foo.conf
    entity: joe
    etype: user
    state: absent
- name: Sets default ACL for joe on /etc/foo.d/
  acl:
    path: /etc/foo.d/
    entity: joe
    etype: user
    permissions: rw
    default: yes
    state: present
- name: Same as previous but using entry shorthand
  acl:
    path: /etc/foo.d/
    entry: default:user:joe:rw-
    state: present
- name: Obtain the ACL for a specific file
  acl:
    path: /etc/foo.conf
  register: acl_info
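
An added example, not taken from the module documentation: it combines the grant and query tasks above with an assert on the registered acl list, so the play fails if a named user other than joe holds an entry on the file. The hosts pattern, become setting and match patterns are assumptions; entries are matched by prefix because the list holds getfacl-style lines such as user:joe:r--.

```yaml
# Added example; path and user reuse the names from the usage examples.
- name: Grant joe read access and verify the resulting ACL
  hosts: all          # assumption: adjust to your inventory
  become: yes
  tasks:
    - name: Grant user joe read access without following a symlink at the path
      acl:
        path: /etc/foo.conf
        entity: joe
        etype: user
        permissions: r
        follow: no
        state: present

    - name: Read the ACL back (state defaults to query)
      acl:
        path: /etc/foo.conf
        follow: no
      register: acl_info

    - name: Fail when the ACL holds more than was intended
      assert:
        that:
          # joe holds exactly one entry and it is read-only
          - acl_info.acl | select('match', '^user:joe:r--') | list | length == 1
          # no other named user has an entry (user:: is the file owner)
          - acl_info.acl | select('match', '^user:[^:]+:') | reject('match', '^user:joe:') | list | length == 0
        fail_msg: "Unexpected ACL on /etc/foo.conf: {{ acl_info.acl | join(', ') }}"
```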

Inputs

    
path:
    aliases:
    - name
    description:
    - The full path of the file or object.
    required: true
    type: path

entry:
    description:
    - DEPRECATED.
    - The ACL to set or remove.
    - This must always be quoted in the form of C(<etype>:<qualifier>:<perms>).
    - The qualifier may be empty for some types, but the type and perms are always required.
    - C(-) can be used as placeholder when you do not care about permissions.
    - This is now superseded by the entity, etype and permissions fields.

etype:
    choices:
    - group
    - mask
    - other
    - user
    description:
    - The entity type of the ACL to apply, see C(setfacl) documentation for more info.
    version_added: '1.5'
    version_added_collection: ansible.builtin

state:
    choices:
    - absent
    - present
    - query
    default: query
    description:
    - Define whether the ACL should be present or not.
    - The C(query) state gets the current ACL without changing it, for use in C(register)
      operations.

entity:
    description:
    - The actual user or group that the ACL applies to when matching entity types user
      or group are selected.
    version_added: '1.5'
    version_added_collection: ansible.builtin

follow:
    default: true
    description:
    - Whether to follow symlinks on the path if a symlink is encountered.
    type: bool

default:
    default: false
    description:
    - If the target is a directory, setting this to C(yes) will make it the default ACL
      for entities created inside the directory.
    - Setting C(default) to C(yes) causes an error if the path is a file.
    type: bool
    version_added: '1.5'
    version_added_collection: ansible.builtin

recursive:
    default: false
    description:
    - Recursively sets the specified ACL.
    - Incompatible with C(state=query).
    type: bool
    version_added: '2.0'
    version_added_collection: ansible.builtin

permissions:
    description:
    - The permissions to apply/remove can be any combination of C(r), C(w) and C(x) (read,
      write and execute respectively).
    version_added: '1.5'
    version_added_collection: ansible.builtin

use_nfsv4_acls:
    default: false
    description:
    - Use NFSv4 ACLs instead of POSIX ACLs.
    type: bool
    version_added: '2.2'
    version_added_collection: ansible.builtin

recalculate_mask:
    choices:
    - default
    - mask
    - no_mask
    default: default
    description:
    - Select if and when to recalculate the effective right masks of the files.
    - See C(setfacl) documentation for more info.
    - Incompatible with C(state=query).
    version_added: '2.7'
    version_added_collection: ansible.builtin

Outputs

acl:
  description: Current ACL on provided path (after changes, if any)
  returned: success
  sample:
  - user::rwx
  - group::rwx
  - other::rwx
  type: list