permissions_other_acl_present

Verify that the other ace given is present on a file or directory. This method will make sure the given other ace is present in the POSIX ACL of the target for.

⚙️ Compatible targets: Linux

Parameters

NameDocumentation
pathPath of the file or directory.

This parameter is required.
recursiveRecursive Should ACLs cleanup be recursive, "true" or "false" (defaults to "false").

Choices:
  • true
  • false

This parameter is optional.
otherACE to enforce for the given other.

This parameter must match ^[+-=]?(?=.*[rwx])r?w?x?$.
This parameter is required.

Outcome conditions

You need to replace ${path} with its actual canonified value.

  • ✅ Ok: permissions_other_acl_present_${path}_ok
    • ☑️ Already compliant: permissions_other_acl_present_${path}_kept
    • 🟨 Repaired: permissions_other_acl_present_${path}_repaired
  • ❌ Error: permissions_other_acl_present_${path}_error

Example

method: permissions_other_acl_present
params:
  recursive: 'true'
  path: VALUE
  other: VALUE

Documentation

The permissions_*acl_* manage the POSIX ACL on files and directories.

Please note that the mask will be automatically recalculated when editing ACLs.

Parameters

Path

Path can be a regex with the following format:

  • * matches any filename or directory at one level, e.g. *.cf will match all files in one directory that end in .cf but it won't search across directories. */*.cf on the other hand will look two levels deep.
  • ? matches a single letter
  • [a-z] matches any letter from a to z
  • {x,y,anything} will match x or y or anything.
Recursive

Can be:

  • true to apply the given aces to folder and sub-folders and files.
  • or false to apply to the strict match of Path

If left blank, recursivity will automatically be set to false

Other_ACE

The operator can be:

  • + to add the given ACE to the current ones.
  • - to remove the given ACE to the current ones.
  • = to force the given ACE to the current ones.
  • empty if no operator is specified, it will be interpreted as =.

ACE must respect the classic:

  • ^[+-=]?(?=.*[rwx])r?w?x?$

Example

Given a file with the following getfacl output:

root@server# getfacl /tmp/myTestFile 
getfacl: Removing leading '/' from absolute path names
# file: tmp/myTestFile
# owner: root
# group: root
user::rwx
user:bob:rwx
group::r--
mask::rwx
other::r-x

Applying this method with the following parameters:

  • path: /tmp/myTestFile
  • recursive: false
  • other ace: -rw

Will transform the previous ACLs in:

root@server# getfacl /tmp/myTestFile 
getfacl: Removing leading '/' from absolute path names
# file: tmp/myTestFile
# owner: root
# group: root
user::rwx
user:bob:rwx
group::r--
mask::rwx
other::--x