Author: | Brian Coca |
---|---|
parameter | required | default | choices | comments |
---|---|---|---|---|
default | no | | | If the target is a directory, setting this to yes will make it the default ACL for entities created inside the directory. It causes an error if name is a file. (added in Ansible 1.5) |
entity | no | | | The actual user or group that the ACL applies to when matching entity types user or group are selected. (added in Ansible 1.5) |
entry | no | | | DEPRECATED. The ACL to set or remove. This must always be quoted in the form of `'<etype>:<qualifier>:<perms>'`. The qualifier may be empty for some types, but the type and perms are always required. '-' can be used as a placeholder when you do not care about permissions. This is now superseded by the entity, etype and permissions fields. |
etype | no | | | if the target is a directory, setting this to yes will make it the default acl for entities created inside the directory. It causes an error if name is a file. (added in Ansible 1.5) |
follow | no | True | | Whether to follow symlinks on the path if a symlink is encountered. |
name | yes | | | The full path of the file or object. |
permissions | no | | | Permissions to apply/remove. Can be any combination of r, w and x (read, write and execute respectively). (added in Ansible 1.5) |
state | no | query | | Defines whether the ACL should be present or not. The query state gets the current ACL without changing it, for use in 'register' operations. |
```yaml
# Grant user Joe read access to a file
- acl: name=/etc/foo.conf entity=joe etype=user permissions="r" state=present

# Removes the acl for Joe on a specific file
- acl: name=/etc/foo.conf entity=joe etype=user state=absent

# Sets default acl for joe on foo.d
- acl: name=/etc/foo.d entity=joe etype=user permissions=rw default=yes state=present

# Same as previous but using entry shorthand
- acl: name=/etc/foo.d entry="default:user:joe:rw-" state=present

# Obtain the acl for a specific file
- acl: name=/etc/foo.conf
  register: acl_info
```
Note
The “acl” module requires that acls are enabled on the target filesystem and that the setfacl and getfacl binaries are installed.
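
Because `entry` is deprecated in favour of separate fields, the following added example (not part of the module or of the original page) converts an `entry` shorthand string into the equivalent entity/etype/permissions/default arguments. The function names and the list of accepted entry types are assumptions made for the illustration.

```python
# Added example: migrate the deprecated `entry` shorthand to the separate
# entity / etype / permissions / default fields from the parameter table.
# Not the acl module's own parser; split_entry and to_task are hypothetical.

# Assumption: the long-form entry types accepted by setfacl.
ETYPES = {"user", "group", "mask", "other"}
FIELD_ORDER = ["name", "entity", "etype", "permissions", "default", "state"]


def split_entry(entry):
    """Parse '[default:]<etype>:<qualifier>:<perms>' into module arguments."""
    fields = entry.split(":")
    default = fields[0] == "default"
    if default:
        fields = fields[1:]
    if len(fields) != 3:
        raise ValueError("expected '<etype>:<qualifier>:<perms>': %r" % entry)
    etype, qualifier, perms = fields
    if etype not in ETYPES:
        raise ValueError("unknown entry type %r in %r" % (etype, entry))
    if not perms or set(perms) - set("rwx-"):
        raise ValueError("perms must be built from r, w, x or '-': %r" % entry)
    args = {"etype": etype}
    if qualifier:                      # the qualifier may be empty (e.g. mask)
        args["entity"] = qualifier
    letters = perms.replace("-", "")   # '-' is only a placeholder
    if letters:
        args["permissions"] = letters
    if default:
        args["default"] = "yes"
    return args


def to_task(path, entry, state="present"):
    """Render a key=value acl task line using the non-deprecated fields."""
    args = {"name": path, "state": state}
    args.update(split_entry(entry))
    pairs = ["%s=%s" % (k, args[k]) for k in FIELD_ORDER if k in args]
    return "- acl: " + " ".join(pairs)


if __name__ == "__main__":
    # Constructed inputs based on the examples on this page.
    print(to_task("/etc/foo.d", "default:user:joe:rw-"))
    print(to_task("/etc/foo.conf", "user:joe:-", state="absent"))
```

Paths or entity names containing spaces would need quoting in the rendered task line, which this helper does not do.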