New in version 1.4.
Parameter | Choices/Defaults | Comments |
---|---|---|
default
boolean
added in 1.5 |
|
if the target is a directory, setting this to yes will make it the default acl for entities created inside the directory. It causes an error if path is a file.
|
entity
-
added in 1.5 |
actual user or group that the ACL applies to when matching entity types user or group are selected.
|
|
entry
-
|
DEPRECATED. The acl to set or remove. This must always be quoted in the form of '<etype>:<qualifier>:<perms>'. The qualifier may be empty for some types, but the type and perms are always required. '-' can be used as placeholder when you do not care about permissions. This is now superseded by entity, type and permissions fields.
|
|
etype
-
added in 1.5 |
|
the entity type of the ACL to apply, see setfacl documentation for more info.
|
follow
boolean
|
|
whether to follow symlinks on the path if a symlink is encountered.
|
path
-
/ required
|
The full path of the file or object.
aliases: name |
|
permissions
-
added in 1.5 |
Permissions to apply/remove can be any combination of r, w and x (read, write and execute respectively)
|
|
recalculate_mask
-
added in 2.7 |
|
Select if and when to recalculate the effective right masks of the files, see setfacl documentation for more info. Incompatible with
state=query . |
recursive
boolean
added in 2.0 |
|
Recursively sets the specified ACL (added in Ansible 2.0). Incompatible with
state=query . |
state
-
|
|
defines whether the ACL should be present or not. The
query state gets the current acl without changing it, for use in 'register' operations. |
use_nfsv4_acls
boolean
added in 2.2 |
|
Use NFSv4 ACLs instead of POSIX ACLs.
|
Note
- name: Grant user Joe read access to a file
acl:
path: /etc/foo.conf
entity: joe
etype: user
permissions: r
state: present
- name: Removes the acl for Joe on a specific file
acl:
path: /etc/foo.conf
entity: joe
etype: user
state: absent
- name: Sets default acl for joe on foo.d
acl:
path: /etc/foo.d
entity: joe
etype: user
permissions: rw
default: yes
state: present
- name: Same as previous but using entry shorthand
acl:
path: /etc/foo.d
entry: "default:user:joe:rw-"
state: present
- name: Obtain the acl for a specific file
acl:
path: /etc/foo.conf
register: acl_info
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
acl
list
|
success |
Current acl on provided path (after changes, if any)
Sample:
['user::rwx', 'group::rwx', 'other::rwx']
|
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Hint
If you notice any issues in this documentation you can edit this document to improve it.