salt.states.linux_acl
Linux File Access Control Lists
The Linux ACL state module requires the getfacl and setfacl binaries.
Ensure a Linux ACL is present
root:
  acl.present:
    - name: /root
    - acl_type: user
    - acl_name: damian
    - perms: rwx
Ensure a Linux ACL is present as a default for all new objects
root:
  acl.present:
    - name: /root
    - acl_type: "default:user"
    - acl_name: damian
    - perms: rwx
Ensure a Linux ACL does not exist
root:
  acl.absent:
    - name: /root
    - acl_type: user
    - acl_name: damian
    - perms: rwx
Ensure a Linux ACL list is present
root:
  acl.list_present:
    - name: /root
    - acl_type: user
    - acl_names:
      - damian
      - homer
    - perms: rwx
Ensure a Linux ACL list does not exist
root:
  acl.list_absent:
    - name: /root
    - acl_type: user
    - acl_names:
      - damian
      - homer
    - perms: rwx
Warning
The effective permissions of Linux file access control lists (ACLs) are governed by the "effective rights mask" (the mask line in the output of the getfacl command) combined with the perms set by this module: any permission bits (for example, r=read) present in an ACL but not in the mask are ignored. The mask is automatically recomputed when setting an ACL, so normally this isn't important. However, if the file permissions are changed (with chmod or file.managed, for example), the mask will generally be set based on just the group bits of the file permissions.
As a result, when using file.managed or similar to control file permissions as well as this module, you should set your group permissions to be at least as broad as any permissions in your ACL. Otherwise, the two state declarations will each register changes each run, and if the file declaration runs later, your ACL will be ineffective.
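The masking described in this warning can be audited from getfacl output. The Python below is an added example, not code from the Salt project: it flags ACL entries that the mask cuts down and checks whether a file mode would keep a given ACL effective. The sample output and the names masked_entries and survives_mode are constructed for illustration, and survives_mode assumes the mask is reset to exactly the group bits of the mode.

```python
import re

# Constructed getfacl output for /root: a chmod to 0750 has reset the mask to
# the group bits (r-x) while the ACL for damian still requests rwx.
SAMPLE = """\
# file: root
# owner: root
# group: root
user::rwx
user:damian:rwx\t#effective:r-x
group::r-x
mask::r-x
other::---
default:user:damian:rwx
default:mask::rwx
"""

ENTRY = re.compile(r"^(default:)?(user|group|mask|other):([^:]*):([rwx-]{3})")


def fmt(perms):
    return "".join(c if c in perms else "-" for c in "rwx")


def masked_entries(getfacl_text):
    """Return (scope, tag, name, requested, effective) for entries the mask cuts."""
    entries, masks = [], {}
    for line in getfacl_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:  # header comments and blank lines
            continue
        scope = "default" if m.group(1) else "access"
        tag, name, perms = m.group(2), m.group(3), set(m.group(4)) - {"-"}
        if tag == "mask":
            masks[scope] = perms
        else:
            entries.append((scope, tag, name, perms))
    found = []
    for scope, tag, name, perms in entries:
        # Named users, named groups and the owning group are masked;
        # the file owner (user::) and other:: are not.
        masked = tag == "group" or (tag == "user" and name != "")
        if masked and scope in masks and (perms & masks[scope]) != perms:
            found.append((scope, tag, name, fmt(perms), fmt(perms & masks[scope])))
    return found


def survives_mode(acl_perms, mode):
    """True if a chmod/file.managed mode keeps acl_perms (mask = group bits)."""
    group_bits = (int(mode, 8) >> 3) & 0o7
    mask = {c for c, bit in zip("rwx", (4, 2, 1)) if group_bits & bit}
    return set(acl_perms) - {"-"} <= mask
```

Running masked_entries on the output of getfacl for a managed path after a highstate shows whether a later file state has narrowed the ACL that acl.present set.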
- salt.states.linux_acl.absent(name, acl_type, acl_name='', perms='', recurse=False)
Ensure a Linux ACL does not exist
- name
The ACL path
- acl_type
The type of the ACL; it can be 'user' or 'group'
- acl_name
The user or group
- perms
The permissions to remove, e.g. rwx
- recurse
Set the permissions recursively in the path
- salt.states.linux_acl.list_absent(name, acl_type, acl_names=None, recurse=False)
Ensure a Linux ACL list does not exist
Takes a list of ACL names and removes them from the given path
- name
The ACL path
- acl_type
The type of the ACL; it can be 'user' or 'group'
- acl_names
The list of users or groups
- recurse
Set the permissions recursively in the path
- salt.states.linux_acl.list_present(name, acl_type, acl_names=None, perms='', recurse=False, force=False)
Ensure a Linux ACL list is present
Takes a list of ACL names and adds them to the given path
- name
The ACL path
- acl_type
The type of the ACL; it can be 'user' or 'group'
- acl_names
The list of users or groups
- perms
The permissions to set, e.g. rwx
- recurse
Set the permissions recursively in the path
- force
Wipe out old permissions and ensure only the new permissions are set
- salt.states.linux_acl.present(name, acl_type, acl_name='', perms='', recurse=False, force=False)
Ensure a Linux ACL is present
- name
The ACL path
- acl_type
The type of the ACL; it can be 'user' or 'group'
- acl_name
The user or group
- perms
The permissions to set, e.g. rwx
- recurse
Set the permissions recursively in the path
- force
Wipe out old permissions and ensure only the new permissions are set