Rudder techniques

permissions_posix_acl_entry_parent

Ensure ACL on a file or folder and all its parent folders.

⚙️ Compatible targets: Linux

Parameters

Outcome conditions

You need to replace ${path} with its actual canonified value.

• ✅ Ok: permissions_posix_acl_entry_parent_${path}_ok
  • ☑️ Already compliant: permissions_posix_acl_entry_parent_${path}_kept
  • 🟨 Repaired: permissions_posix_acl_entry_parent_${path}_repaired
• ❌ Error: permissions_posix_acl_entry_parent_${path}_error

Example

method: permissions_posix_acl_entry_parent
params:
  parent_permissions_group: OPTIONAL_VALUE
  recursive: 'true'
  other: OPTIONAL_VALUE
  parent_permissions_other: OPTIONAL_VALUE
  parent_permissions_user: OPTIONAL_VALUE
  user: OPTIONAL_VALUE
  group: OPTIONAL_VALUE
  path: VALUE

Documentation

Ensure ACL on a file or folder and all its parent folders.

Force the given ACL on the target path (supports globbing).

• If recursive is set to true, the permissions will be applied to every files and folder under the resolved path input.
• If the parent_permissions_* inputs are not empty, they will be applied to every parent folders to the resolved path input, excepting the root folder /.
• ACL inputs are expected to be comma separated, and to follow this schema:
  • myuser:wx to force the ACL entry
  • myuser:+wx to edit the ACL without enforcing them all

If the path input resolves to /this/is/my/path/mylogfile, parent folders permissions will be applied to:

/this
/this/is
/this/is/my
/this/is/my/path/

Examples:

-name: Allows bob to write in its logfile
 method: permissions_posix_acl_entry_parent
   path: /this/is/my/path/mylogfile
   recursive: false
   user: "bob:rwx"
   parent_permissions_user: "bob:rx"

-name: Allows Bob and Alice to write in its logfile
 method: permissions_posix_acl_entry_parent
   path: /this/is/my/path/mylogfile
   recursive: false
   user: "bob:rwx,alice:+rwx"
   parent_permissions_user: "bob:rx,alice:rx"