salt.states.linux_acl

Linux File Access Control Lists

The Linux ACL state module requires the getfacl and setfacl binaries.

Ensure a Linux ACL is present

root:
  acl.present:
    - name: /root
    - acl_type: user
    - acl_name: damian
    - perms: rwx

Ensure a Linux ACL is present as a default for all new objects

root:
  acl.present:
    - name: /root
    - acl_type: "default:user"
    - acl_name: damian
    - perms: rwx

Ensure a Linux ACL does not exist

root:
  acl.absent:
    - name: /root
    - acl_type: user
    - acl_name: damian
    - perms: rwx

Ensure a Linux ACL list is present

root:
  acl.list_present:
    - name: /root
    - acl_type: user
    - acl_names:
      - damian
      - homer
    - perms: rwx

Ensure a Linux ACL list does not exist

root:
  acl.list_absent:
    - name: /root
    - acl_type: user
    - acl_names:
      - damian
      - homer
    - perms: rwx

Warning

The effective permissions of Linux file access control lists (ACLs) are governed by the "effective rights mask" (the mask line in the output of the getfacl command) combined with the perms set by this module: any permission bits (for example, r=read) present in an ACL but not in the mask are ignored. The mask is automatically recomputed when setting an ACL, so normally this isn't important. However, if the file permissions are changed (with chmod or file.managed, for example), the mask will generally be set based on just the group bits of the file permissions.

As a result, when using file.managed or similar to control file permissions as well as this module, you should set your group permissions to be at least as broad as any permissions in your ACL. Otherwise, the two state declarations will each register changes each run, and if the file declaration runs later, your ACL will be ineffective.
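The mask behaviour described in this warning can be checked from getfacl output. The following is an added example, not part of the Salt documentation or code base: it parses getfacl text and reports every entry whose requested permissions are reduced by the mask. The sample output, the path srv/app/config and the group ops are constructed for illustration; it represents a file whose mode was reset to 640 after an rwx ACL for damian was applied.

```python
# Added example: the getfacl output below is constructed, not taken from a real host.
SAMPLE = """\
# file: srv/app/config
# owner: root
# group: app
user::rw-
user:damian:rwx
group::r--
group:ops:rw-
mask::r--
other::---
"""

def parse_getfacl(text):
    """Return a list of (scope, tag, qualifier, perms) tuples from getfacl output."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments such as "#effective:r--"
        if not line:
            continue
        parts = line.split(":")
        scope = "access"
        if parts[0] == "default":             # default ACL entries carry their own mask
            scope, parts = "default", parts[1:]
        if len(parts) == 3:
            entries.append((scope, *parts))
    return entries

def clipped_entries(text):
    """Return {entry: (requested, effective)} for entries the mask reduces."""
    entries = parse_getfacl(text)
    masks = {s: set(p) - {"-"} for s, tag, _, p in entries if tag == "mask"}
    clipped = {}
    for scope, tag, qualifier, perms in entries:
        # The mask limits named users, named groups and the owning group,
        # never the file owner (user::) or other::.
        if tag in ("mask", "other") or (tag == "user" and not qualifier):
            continue
        if scope not in masks:
            continue
        effective = "".join(c if c in masks[scope] else "-" for c in perms)
        if effective != perms:
            prefix = "default:" if scope == "default" else ""
            clipped[f"{prefix}{tag}:{qualifier}"] = (perms, effective)
    return clipped

if __name__ == "__main__":
    for entry, (asked, got) in clipped_entries(SAMPLE).items():
        print(f"{entry}: requested {asked}, effective {got}")
```

An empty result means no ACL entry is being narrowed by the mask; any entry listed is one where the group bits of the file mode are narrower than the ACL perms.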

salt.states.linux_acl.absent(name, acl_type, acl_name='', perms='', recurse=False)

Ensure a Linux ACL does not exist

name

The acl path

acl_type

The type of entity the ACL is used for; it can be 'user' or 'group'

acl_name

The user or group

perms

The permissions to remove, e.g. rwx

recurse

Set the permissions recursively in the path

salt.states.linux_acl.list_absent(name, acl_type, acl_names=None, recurse=False)

Ensure a Linux ACL list does not exist

Takes a list of ACL names and removes them from the given path

name

The acl path

acl_type

The type of entity the ACL is used for; it can be 'user' or 'group'

acl_names

The list of users or groups

perms

The permissions to remove, e.g. rwx

recurse

Set the permissions recursively in the path

salt.states.linux_acl.list_present(name, acl_type, acl_names=None, perms='', recurse=False, force=False)

Ensure a Linux ACL list is present

Takes a list of ACL names and adds them to the given path

name

The acl path

acl_type

The type of entity the ACL is used for; it can be 'user' or 'group'

acl_names

The list of users or groups

perms

The permissions to set, e.g. rwx

recurse

Set the permissions recursively in the path

force

Wipe out old permissions and ensure only the new permissions are set

salt.states.linux_acl.present(name, acl_type, acl_name='', perms='', recurse=False, force=False)

Ensure a Linux ACL is present

name

The acl path

acl_type

The type of entity the ACL is used for; it can be 'user' or 'group'

acl_name

The user or group

perms

The permissions to set, e.g. rwx

recurse

Set the permissions recursively in the path

force

Wipe out old permissions and ensure only the new permissions are set