Ansible - Create and modify access control list entries using the acl module
by Jeremy Canfield | Updated: August 18 2022
If you are not familiar with modules, check out Ansible - Getting Started with Modules.
The acl module is used to create and modify access control list entries, similar to the getfacl and setfacl commands.
In this example, an ACL entry is set on the /var/www directory so that by default the webadmin user has rwx permission.
- name: setfacl --default --modify user:webadmin:rwx /var/www
  acl:
    path: /var/www
    entity: webadmin
    etype: user
    permissions: rwx
    state: present
    default: yes
In this example, an ACL entry is set on the /var/www directory so that by default the webgroup group has rwx permission.
- name: setfacl --default --modify group:webgroup:rwx /var/www
  acl:
    path: /var/www
    entity: webgroup
    etype: group
    permissions: rwx
    state: present
    default: yes
In this example, an ACL entry is set on the /var/www directory so that by default other has r (read only) permission.
- name: setfacl --default --modify other::r /var/www
  acl:
    path: /var/www
    etype: other
    permissions: r
    state: present
    default: yes
The recursive option can be used to apply the ACL change to every file and directory below the parent directory.
- name: setfacl --default --modify g:webgroup:rwx /var/www
  acl:
    path: /var/www
    entity: webgroup
    etype: group
    permissions: rwx
    state: present
    default: yes
    recursive: true
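The playbook below is an added example, not part of the original article. It applies the three default entries shown above, reads the ACL back with state: query, and fails if an expected entry is missing or if any named user other than webadmin holds a default entry. Entries set with default: yes are the ones new files and directories inherit; they do not change the access ACL of /var/www itself. The webservers host group is an assumption.

```yaml
# Added example. The short module name "acl" matches the article; on current
# Ansible releases the module ships in the ansible.posix collection.
- name: Apply the article's default ACLs to /var/www and verify them
  hosts: webservers            # assumption: your inventory group
  become: true
  vars:
    wanted:
      - { etype: user, entity: webadmin, permissions: rwx }
      - { etype: group, entity: webgroup, permissions: rwx }
      - { etype: other, permissions: r }
  tasks:
    - name: Set each default ACL entry
      acl:
        path: /var/www
        etype: "{{ item.etype }}"
        entity: "{{ item.entity | default(omit) }}"
        permissions: "{{ item.permissions }}"
        default: yes
        state: present
      loop: "{{ wanted }}"

    - name: Read the resulting ACL back (same data as getfacl)
      acl:
        path: /var/www
        state: query
      register: www_acl

    - name: Expected default entries exist and no other named user is granted
      assert:
        that:
          - "'default:user:webadmin:rwx' in www_acl.acl"
          - "'default:group:webgroup:rwx' in www_acl.acl"
          - "'default:other::r--' in www_acl.acl"
          - >-
            www_acl.acl
            | select('match', '^default:user:[^:]+:')
            | reject('match', '^default:user:webadmin:')
            | list | length == 0
        fail_msg: "Unexpected default ACL on /var/www: {{ www_acl.acl }}"
```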