FreeKB - Ansible file module (change owner group mode permissions chown chgrp chmod)
Ansible - file module (change owner group mode permissions chown chgrp chmod)

The file module can be used to change the owner, group, and/or mode of a file on a managed node (e.g. target system). Or, the following can be used to invoke this module on the control node (that's your Ansible server). 

The ansible-doc file command can be used to show the Ansible documention on the file module.

Before using the file module to update the owner, group, or mode of a file, you may want to use the stat module to determine the current owner, group, and mode of the file. In this example, the stat module reads the foo.txt file, and the register module is used to store the stats in a variable named "out".

- name: "store the stats of foo.txt in the 'out' variable"
    path: "/tmp/foo.txt"
  register: "out"


The debug module can be used to output the raw stats. Notice the double curley braces {{ ... }}. Jinja2 uses double curley braces for variables.

- name: "output the contents of the 'out' variable"
    msg: "{{ out }}"


Which should output something like this. 

  • pw_name = owner (root in this example)
  • gr_name = group (wheel in this example)
  • mode = mode (0644 in this example)
TASK [output the contents of the 'out' variable] *******************************
ok: [] => {
    "msg": {
        "changed": false,
        "failed": false,
        "stat": {
            "atime": 1597271585.646168,
            "attr_flags": "",
            "attributes": [],
            "block_size": 4096,
            "blocks": 8,
            "charset": "us-ascii",
            "checksum": "648a6a6ffffdaa0badb23b8baf90b6168dd16b3a",
            "ctime": 1597271585.646168,
            "dev": 64768,
            "device_type": 0,
            "executable": false,
            "exists": true,
            "gid": 10,
            "gr_name": "wheel",
            "inode": 26964623,
            "isblk": false,
            "ischr": false,
            "isdir": false,
            "isfifo": false,
            "isgid": false,
            "islnk": false,
            "isreg": true,
            "issock": false,
            "isuid": false,
            "md5": "e59ff97941044f85df5297e1c302d260",
            "mimetype": "text/plain",
            "mode": "0644",
            "mtime": 1597271585.646168,
            "nlink": 1,
            "path": "/tmp/example.txt",
            "pw_name": "root",
            "readable": true,
            "rgrp": true,
            "roth": true,
            "rusr": true,
            "size": 12,
            "uid": 1000,
            "version": "891153635",
            "wgrp": false,
            "woth": false,
            "writeable": true,
            "wusr": true,
            "xgrp": false,
            "xoth": false,
            "xusr": false


Here is how you would update the owner, group and mode of /tmp/foo.txt using the file module.

- name: "update foo.txt owner group mode"
    path: /tmp/foo.txt
    owner: "john.doe"
    group: "admins"
    mode: "0770"


If the playbook is being invoked by the user that owns /tmp/foo.txt (root in this example), then the owner, group and mode will be updated. 

TASK [update foo.txt owner group mode]
changed: []


On the other hand, if the playbook is being invoked by anyone other than root, a fatal error "Operation not permitted" would be returned. Or, become could be used to become root.

TASK [update /tmp/foo.txt owner group mode]
fatal: []: FAILED! => {"changed": false, "gid": 10, "group": "root", "mode": "0644", "msg": "chown failed: [Errno 1] Operation not permitted: '/tmp/foo.txt'", "owner": "root", "path": "/tmp/foo.txt", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 0, "state": "file", "uid": 0}


Recursive directory

state: directory and recurse: yes can be used to update the owner of every file and directory below a certain directory. In this example, every file and directory below the /tmp directory will be updated to be owned by root.

- name: "recursively update /tmp directory owner"
    path: "/tmp"
    state: "directory"
    recurse: "yes"
    owner: "root"


Or like this, to give "group" the "write" permission.

- name: "recursively update /tmp directory"
    path: "/tmp"
    state: "directory"
    recurse: "yes"
    mode: "g+w"


Optional Parameters

Refer to the following articles for more details on the owner, group, and mode parameters.

  • owner (e.g. owner: "root")
  • group (e.g. group: "wheel")
  • mode (e.g. mode: "2775")

Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter fe410 in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |