salt.states.linux_acl¶
Linux File Access Control Lists
The Linux ACL state module requires the getfacl and setfacl binaries.
Ensure a Linux ACL is present
root:
acl.present:
- name: /root
- acl_type: user
- acl_name: damian
- perms: rwx
Ensure a Linux ACL does not exist
root:
acl.absent:
- name: /root
- acl_type: user
- acl_name: damian
- perms: rwx
Ensure a Linux ACL list is present
root:
acl.list_present:
- name: /root
- acl_type: user
- acl_names:
- damian
- homer
- perms: rwx
Ensure a Linux ACL list does not exist
root:
acl.list_absent:
- name: /root
- acl_type: user
- acl_names:
- damian
- homer
- perms: rwx
Warning
The effective permissions of Linux file access control lists (ACLs) are governed by the "effective rights mask" (the mask line in the output of the getfacl command) combined with the perms set by this module: any permission bits (for example, r=read) present in an ACL but not in the mask are ignored. The mask is automatically recomputed when setting an ACL, so normally this isn't important. However, if the file permissions are changed (with chmod or file.managed, for example), the mask will generally be set based on just the group bits of the file permissions.
As a result, when using file.managed or similar to control file permissions as well as this module, you should set your group permissions to be at least as broad as any permissions in your ACL. Otherwise, the two state declarations will each register changes each run, and if the file declaration runs later, your ACL will be ineffective.
- salt.states.linux_acl.absent(name, acl_type, acl_name='', perms='', recurse=False)¶
Ensure a Linux ACL does not exist
- name
The acl path
- acl_type
The type of the acl is used for, it can be 'user' or 'group'
- acl_name
The user or group
- perms
Remove the permissions eg.: rwx
- recurse
Set the permissions recursive in the path
- salt.states.linux_acl.list_absent(name, acl_type, acl_names=None, recurse=False)¶
Ensure a Linux ACL list does not exist
Takes a list of acl names and remove them from the given path
- name
The acl path
- acl_type
The type of the acl is used for, it can be 'user' or 'group'
- acl_names
The list of users or groups
- perms
Remove the permissions eg.: rwx
- recurse
Set the permissions recursive in the path
- salt.states.linux_acl.list_present(name, acl_type, acl_names=None, perms='', recurse=False, force=False)¶
Ensure a Linux ACL list is present
Takes a list of acl names and add them to the given path
- name
The acl path
- acl_type
The type of the acl is used for it can be 'user' or 'group'
- acl_names
The list of users or groups
- perms
Set the permissions eg.: rwx
- recurse
Set the permissions recursive in the path
- force
Wipe out old permissions and ensure only the new permissions are set
- salt.states.linux_acl.present(name, acl_type, acl_name='', perms='', recurse=False, force=False)¶
Ensure a Linux ACL is present
- name
The acl path
- acl_type
The type of the acl is used for it can be 'user' or 'group'
- acl_name
The user or group
- perms
Set the permissions eg.: rwx
- recurse
Set the permissions recursive in the path
- force
Wipe out old permissions and ensure only the new permissions are set
