Documentation

    acl

    Manage file Access Control Lists (ACLs).

    ACLs provide fine-grained permission control beyond standard Unix permissions. They allow per-user and per-group permissions on files and directories, which is useful for containers, IoT devices, and multi-user file sharing scenarios.

    Attributes

    check_mode:
      support: full
    

    Parameters

    | Parameter | Required | Type | Values | Description |
    |-----------|----------|------|--------|-------------|
    | default | | boolean | | Set default ACL (inherited by new files in directory). [default: false] |
    | group | | string | | The group to set ACL for (e.g. “developers”). |
    | mode | | string | | The permissions mode (e.g. “r”, “rw”, “rwx”, “rX”). Required when state=present. |
    | path | true | string | | The full path to the file or directory. |
    | recurse | | boolean | | Apply ACLs recursively to directory contents. [default: false] |
    | state | | string | present, absent, query | Whether the ACL should exist or not. Use query to retrieve current ACLs without changes. [default: "present"] |
    | user | | string | | The user to set ACL for (e.g. “nginx”). |

    Examples

    - name: Give user nginx read access to a file
      acl:
        path: /etc/app/config.json
        user: nginx
        mode: "r"
    
    - name: Give group developers read-write access
      acl:
        path: /data/project
        group: developers
        mode: "rw"
    
    - name: Set default ACL for directory (inherited by new files)
      acl:
        path: /data/shared
        user: appuser
        mode: "rwx"
        default: true
    
    - name: Remove user ACL entry
      acl:
        path: /data/file.txt
        user: olduser
        state: absent
    
    - name: Query current ACLs
      acl:
        path: /etc/app/config.json
        state: query
      register: file_acls
    
    - name: Apply ACLs recursively
      acl:
        path: /data/project
        user: nginx
        mode: "rX"
        recurse: true