Documentation
PLEASE NOTE: This document applies to latest version and not to the latest stable release v2.20
Documentation for other releases can be found by using the version selector in the top right of any doc page.acl
Manage file Access Control Lists (ACLs).
ACLs provide fine-grained permission control beyond standard Unix permissions. They allow per-user and per-group permissions on files and directories. Useful for containers, IoT devices, and multi-user file sharing scenarios.
Attributes
check_mode:
support: full
Parameters
| Parameter | Required | Type | Values | Description |
|---|---|---|---|---|
| default | boolean | Set default ACL (inherited by new files in directory). [default: false] |
||
| group | string | The group to set ACL for (e.g. “developers”). | ||
| mode | string | The permissions mode (e.g. “r”, “rw”, “rwx”, “rX”). Required when state=present. | ||
| path | true | string | The full path to the file or directory. | |
| recurse | boolean | Apply ACLs recursively to directory contents. [default: false] |
||
| state | string | present absent query |
Whether the ACL should exist or not. Use query to retrieve current ACLs without changes. [default: "present"] |
|
| user | string | The user to set ACL for (e.g. “nginx”). |
Examples
- name: Give user nginx read access to a file
acl:
path: /etc/app/config.json
user: nginx
mode: "r"
- name: Give group developers read-write access
acl:
path: /data/project
group: developers
mode: "rw"
- name: Set default ACL for directory (inherited by new files)
acl:
path: /data/shared
user: appuser
mode: "rwx"
default: true
- name: Remove user ACL entry
acl:
path: /data/file.txt
user: olduser
state: absent
- name: Query current ACLs
acl:
path: /etc/app/config.json
state: query
register: file_acls
- name: Apply ACLs recursively
acl:
path: /data/project
user: nginx
mode: "rX"
recurse: true