FreeKB - Ansible - Change file owner group mode permissions using the file module


If you are not familiar with modules, check out Ansible - Getting Started with Modules.

The file module can be used to change the owner, group, and mode of files and directories.

AVOID TROUBLE

If the file or directory does not exist, attempting to change the owner, group or permission of the file should return "file is absent, cannot continue". For this reason, you will almost always want to use find or stat to determine if the file or directory exists.

AVOID TROUBLE

If using the owner parameter and the user account does not exist, "chown failed: failed to look up user username" will be returned. For this reason, you may want to use the shell module to first determine if the user account exists. The shell module could use the cat command to read the /etc/passwd file or use the id command to determine if the username exists.

Here is how you would update the owner, group and mode of /tmp/foo.txt.

---
- hosts: all
  tasks:
  - name: determine if /tmp/foo.txt exists
    ansible.builtin.stat:
      path: /tmp/foo.txt
    register: out

  - name: update foo.txt owner group mode
    ansible.builtin.file:
      path: /tmp/foo.txt
      owner: john.doe
      group: admins
      mode: '0770'
    when: out.stat.exists == true
...

 

Or, to loop over multiple files.

---
- hosts: localhost
  tasks:
  - name: find files containing 'foo' in the /tmp directory
    ansible.builtin.find:
      paths: /tmp
      use_regex: true
      patterns: (?i).*foo.*
    register: foo

  - name: update the owner/group/mode of the 'foo' files in the /tmp directory
    ansible.builtin.file:
      path: "{{ item.path }}"
      owner: john.doe
      group: admins
      mode: '0770'
    with_items: "{{ foo.files }}"
    when: foo.files | length >= 1
...

 

If the playbook is being invoked by the user that owns /tmp/foo.txt (root in this example), then the owner, group and mode will be updated. 

TASK [update foo.txt owner group mode]
changed: [server1.example.com]

 

On the other hand, if the playbook is being invoked by anyone other than root, a fatal error "Operation not permitted" would be returned. Alternatively, become could be used to become root.

TASK [update /tmp/foo.txt owner group mode]
fatal: [server1.example.com]: FAILED! => {"changed": false, "gid": 10, "group": "root", "mode": "0644", "msg": "chown failed: [Errno 1] Operation not permitted: '/tmp/foo.txt'", "owner": "root", "path": "/tmp/foo.txt", "secontext": "unconfined_u:object_r:user_tmp_t:s0", "size": 0, "state": "file", "uid": 0}
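
The two AVOID TROUBLE checks and the become option described above, combined into one playbook. This is an added example, not from the original article. It uses the command module with argv instead of shell, since no shell features are needed, and the variable names target_path, target_owner and target_group are assumptions.

```yaml
---
# Added example; variable names are hypothetical, values reuse the article's.
- hosts: all
  become: true                  # changing the owner to another user needs root
  vars:
    target_path: /tmp/foo.txt
    target_owner: john.doe
    target_group: admins
  tasks:
  - name: determine if the target exists
    ansible.builtin.stat:
      path: "{{ target_path }}"
    register: target

  - name: determine if the owner account exists
    ansible.builtin.command:
      argv: [id, -u, "{{ target_owner }}"]
    register: owner_lookup
    changed_when: false         # read-only lookup, never reports a change
    failed_when: false          # non-zero rc means "no such user"; handled below
    check_mode: false           # run the lookup even with --check so rc is defined

  - name: determine if the group exists
    ansible.builtin.command:
      argv: [getent, group, "{{ target_group }}"]
    register: group_lookup
    changed_when: false
    failed_when: false
    check_mode: false

  - name: explain why the update will be skipped
    ansible.builtin.debug:
      msg: "skipping {{ target_path }}: exists={{ target.stat.exists }}, owner rc={{ owner_lookup.rc }}, group rc={{ group_lookup.rc }}"
    when: not target.stat.exists or owner_lookup.rc != 0 or group_lookup.rc != 0

  - name: update owner group mode
    ansible.builtin.file:
      path: "{{ target_path }}"
      owner: "{{ target_owner }}"
      group: "{{ target_group }}"
      mode: '0770'              # quoted string, so Ansible does the octal conversion itself
    when:                       # list items are ANDed and checked in order
    - target.stat.exists
    - target.stat.isreg         # only touch a regular file, not a directory or symlink
    - owner_lookup.rc == 0
    - group_lookup.rc == 0
...
```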

 


Recursive directory

state: directory and recurse: yes can be used to update the owner of every file and directory at and below a certain directory. In this example, every file and directory below the /tmp directory will be updated to be owned by root.

AVOID TROUBLE

When recurse is used, the owner will be changed at and below the target directory. In this example, the /tmp directory and every file and directory below /tmp will be updated to be owned by root.

---
- hosts: all
  tasks:
  - name: recursively update /tmp directory owner
    ansible.builtin.file:
      path: /tmp
      state: directory
      recurse: yes
      owner: root
...

 

Or like this, to give "group" the "write" permission.

---
- hosts: all
  tasks:
  - name: recursively update /tmp directory
    ansible.builtin.file:
      path: /tmp
      state: directory
      recurse: yes
      mode: g+w
...

 



