acl - Sets and retrieves file ACL information.

Author:Brian Coca

Synopsis

New in version 1.4.

Sets and retrieves file ACL information.

Options

parameter required default choices comments
default no
  • yes
  • no
if the target is a directory, setting this to yes will make it the default acl for entities created inside the directory. It causes an error if name is a file. (added in Ansible 1.5)
entity no
    actual user or group that the ACL applies to when matching entity types user or group are selected. (added in Ansible 1.5)
    entry no
      DEPRECATED. The acl to set or remove. This must always be quoted in the form of '<etype>:<qualifier>:<perms>'. The qualifier may be empty for some types, but the type and perms are always requried. '-' can be used as placeholder when you do not care about permissions. This is now superceeded by entity, type and permissions fields.
      etype no
      • user
      • group
      • mask
      • other
      the entity type of the ACL to apply, see setfacl documentation for more info. (added in Ansible 1.5)
      follow no True
      • yes
      • no
      whether to follow symlinks on the path if a symlink is encountered.
      name yes
        The full path of the file or object.
        permissions no
          Permissions to apply/remove can be any combination of r, w and x (read, write and execute respectively) (added in Ansible 1.5)
          state no query
          • query
          • present
          • absent
          defines whether the ACL should be present or not. The query state gets the current acl without changing it, for use in 'register' operations.

          Examples


          # Grant user Joe read access to a file
          - acl: name=/etc/foo.conf entity=joe etype=user permissions="r" state=present
          
          # Removes the acl for Joe on a specific file
          - acl: name=/etc/foo.conf entity=joe etype=user state=absent
          
          # Sets default acl for joe on foo.d
          - acl: name=/etc/foo.d entity=joe etype=user permissions=rw default=yes state=present
          
          # Same as previous but using entry shorthand
          - acl: name=/etc/foo.d entry="default:user:joe:rw-" state=present
          
          # Obtain the acl for a specific file
          - acl: name=/etc/foo.conf
            register: acl_info
          

          Note

          The “acl” module requires that acls are enabled on the target filesystem and that the setfacl and getfacl binaries are installed.

          Table Of Contents

          Previous topic

          Files Modules

          Next topic

          assemble - Assembles a configuration file from fragments