ansible.posix.acl (1.5.4) — module

Set and retrieve file ACL information.

Added in version 1.0.0 of ansible.posix

Authors: Brian Coca (@bcoca), Jérémie Astori (@astorije)

Install collection

Install with ansible-galaxy collection install ansible.posix:==1.5.4


Add to requirements.yml

  collections:
    - name: ansible.posix
      version: 1.5.4

Description

Set and retrieve file ACL information.

Usage examples

- name: Grant user Joe read access to a file
  ansible.posix.acl:
    path: /etc/foo.conf
    entity: joe
    etype: user
    permissions: r
    state: present
- name: Removes the ACL for Joe on a specific file
  ansible.posix.acl:
    path: /etc/foo.conf
    entity: joe
    etype: user
    state: absent
- name: Sets default ACL for joe on /etc/foo.d/
  ansible.posix.acl:
    path: /etc/foo.d/
    entity: joe
    etype: user
    permissions: rw
    default: true
    state: present
- name: Same as previous but using entry shorthand
  ansible.posix.acl:
    path: /etc/foo.d/
    entry: default:user:joe:rw-
    state: present
- name: Obtain the ACL for a specific file
  ansible.posix.acl:
    path: /etc/foo.conf
  register: acl_info

Inputs

    
path:
    aliases:
    - name
    description:
    - The full path of the file or object.
    required: true
    type: path

entry:
    description:
    - DEPRECATED.
    - The ACL to set or remove.
    - This must always be quoted in the form of C(<etype>:<qualifier>:<perms>).
    - The qualifier may be empty for some types, but the type and perms are always required.
    - C(-) can be used as placeholder when you do not care about permissions.
    - This is now superseded by the C(entity), C(etype) and C(permissions) fields.
    type: str

etype:
    choices:
    - group
    - mask
    - other
    - user
    description:
    - The entity type of the ACL to apply, see C(setfacl) documentation for more info.
    type: str

state:
    choices:
    - absent
    - present
    - query
    default: query
    description:
    - Define whether the ACL should be present or not.
    - The C(query) state gets the current ACL without changing it, for use in C(register)
      operations.
    type: str

entity:
    default: ''
    description:
    - The actual user or group that the ACL applies to when matching entity types user
      or group are selected.
    type: str

follow:
    default: true
    description:
    - Whether to follow symlinks on the path if a symlink is encountered.
    type: bool

default:
    default: false
    description:
    - If the target is a directory, setting this to C(true) will make it the default ACL
      for entities created inside the directory.
    - Setting C(default) to C(true) causes an error if the path is a file.
    type: bool

recursive:
    aliases:
    - recurse
    default: false
    description:
    - Recursively sets the specified ACL.
    - Incompatible with C(state=query).
    - Alias C(recurse) added in version 1.3.0.
    type: bool

permissions:
    description:
    - The permissions to apply/remove can be any combination of C(r), C(w), C(x)
      (read, write and execute respectively), and C(X) (execute permission if the file
      is a directory or already has execute permission for some user).
    type: str

use_nfsv4_acls:
    default: false
    description:
    - Use NFSv4 ACLs instead of POSIX ACLs.
    type: bool

recalculate_mask:
    choices:
    - default
    - mask
    - no_mask
    default: default
    description:
    - Select if and when to recalculate the effective right masks of the files.
    - See C(setfacl) documentation for more info.
    - Incompatible with C(state=query).
    type: str

Outputs

acl:
  description: Current ACL on provided path (after changes, if any)
  returned: success
  sample:
  - user::rwx
  - group::rwx
  - other::rwx
  type: list
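
Added example (not part of the module or its documentation): a Python audit of the `acl` list registered with `state: query`, which computes each named entry's effective rights under the mask and reports entries that exceed an allowlist. It assumes POSIX ACLs (not `use_nfsv4_acls`); the function names, the sample list and the `ALLOWED` policy are constructed for illustration.

```python
from typing import NamedTuple, Optional

class AclEntry(NamedTuple):
    default: bool
    etype: str
    entity: str
    perms: str

def parse_entry(line: str) -> AclEntry:
    """Parse one item of the `acl` list, e.g. 'default:user:joe:rw-'."""
    fields = line.split("#", 1)[0].strip().split(":")  # drop any '#effective:' comment
    default = fields[0] == "default"
    if default:
        fields = fields[1:]
    if len(fields) != 3 or fields[0] not in ("user", "group", "mask", "other"):
        raise ValueError(f"not an ACL entry: {line!r}")
    return AclEntry(default, *fields)

def effective(entry: AclEntry, mask: Optional[str]) -> str:
    """POSIX ACLs: the mask caps named users and all group entries, not owner/other."""
    capped = entry.etype == "group" or (entry.etype == "user" and entry.entity != "")
    if not capped or mask is None:
        return entry.perms
    return "".join(p if p == m else "-" for p, m in zip(entry.perms, mask))

def audit(acl, allowed):
    """Return (entry, effective perms) for named entries exceeding `allowed`.

    `allowed` maps (etype, entity) to the most that entity may hold; absent means none.
    """
    entries = [parse_entry(line) for line in acl]
    findings = []
    for e in entries:
        if e.entity == "":
            continue  # owner, owning group, mask and other are out of scope here
        mask = next((m.perms for m in entries
                     if m.etype == "mask" and m.default == e.default), None)
        eff = effective(e, mask)
        limit = allowed.get((e.etype, e.entity), "---")
        if any(p != "-" and cap == "-" for p, cap in zip(eff, limit)):
            findings.append((e, eff))
    return findings

# Constructed sample in the shape of the module's `acl` return value.
SAMPLE_ACL = ["user::rw-", "user:joe:rw-\t#effective:r--", "user:alice:r--", "group::r--",
              "mask::r--", "other::---", "default:user:joe:rw-", "default:mask::rwx"]
ALLOWED = {("user", "joe"): "r--"}  # assumed policy: joe may read, nobody else is named

if __name__ == "__main__":
    for entry, eff in audit(SAMPLE_ACL, ALLOWED):
        print(entry, "effective:", eff)
```

In the sample, joe's access entry passes only because the mask reduces `rw-` to `r--`, so a later mask recalculation would change the audit result without any change to joe's own entry.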