permissions_posix_acl_entry_parent

Ensure ACL on a file or folder and all its parent folders.

⚙️ Compatible targets: Linux

Parameters

Name
    Documentation

path
    Path of the file or directory.
    This parameter is required.

recursive
    Whether the ACL cleanup should be recursive, "true" or "false" (defaults to "false").
    Choices:
      • true
      • false
    This parameter is optional.

user
    User ACLs, comma separated, like: bob:+rwx, alice:-w.
    This parameter is optional.

group
    Group ACLs, comma separated, like: wheel:+wx, anon:-rwx.
    This parameter is optional.

other
    Other ACLs, like -x.
    This parameter is optional.

parent_permissions_user
    User ACLs, comma separated, like: bob:+rwx, alice:-w.
    This parameter is optional.

parent_permissions_group
    Group ACLs, comma separated, like: wheel:+wx, anon:-rwx.
    This parameter is optional.

parent_permissions_other
    Other ACLs, like -x.
    This parameter is optional.

Outcome conditions

You need to replace ${path} with its actual canonified value.

  • ✅ Ok: permissions_posix_acl_entry_parent_${path}_ok
    • ☑️ Already compliant: permissions_posix_acl_entry_parent_${path}_kept
    • 🟨 Repaired: permissions_posix_acl_entry_parent_${path}_repaired
  • ❌ Error: permissions_posix_acl_entry_parent_${path}_error

Example

method: permissions_posix_acl_entry_parent
params:
  parent_permissions_group: OPTIONAL_VALUE
  recursive: 'true'
  other: OPTIONAL_VALUE
  parent_permissions_other: OPTIONAL_VALUE
  parent_permissions_user: OPTIONAL_VALUE
  user: OPTIONAL_VALUE
  group: OPTIONAL_VALUE
  path: VALUE

Documentation

Ensure ACL on a file or folder and all its parent folders.

Force the given ACL on the target path (supports globbing).

  • If recursive is set to true, the permissions will be applied to every file and folder under the resolved path input.
  • If the parent_permissions_* inputs are not empty, they will be applied to every parent folder of the resolved path input, except the root folder /.
  • ACL inputs are expected to be comma separated, and to follow this schema:
    • myuser:wx to force the ACL entry
    • myuser:+wx to edit the ACL without enforcing them all

If the path input resolves to /this/is/my/path/mylogfile, the parent folder permissions will be applied to:

/this
/this/is
/this/is/my
/this/is/my/path/

Examples:

# bob gets a forced rwx entry on the file and a forced rx entry on each parent folder
- name: Allows bob to write in its logfile
  method: permissions_posix_acl_entry_parent
  params:
    path: /this/is/my/path/mylogfile
    recursive: 'false'
    user: "bob:rwx"
    parent_permissions_user: "bob:rx"

# alice's file entry uses the +rwx form, which edits the ACL instead of forcing it
- name: Allows Bob and Alice to write in its logfile
  method: permissions_posix_acl_entry_parent
  params:
    path: /this/is/my/path/mylogfile
    recursive: 'false'
    user: "bob:rwx,alice:+rwx"
    parent_permissions_user: "bob:rx,alice:rx"
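
To review what a call would touch before applying it, the following added example (not Rudder's own code) parses the user ACL schema described above and lists which entries would land on the file and on each parent folder. The function names are hypothetical, and it assumes the path is already resolved (no globbing) and that permissions are written with the letters r, w and x only.

```python
import re
from pathlib import PurePosixPath

# Schema from the page: "name:perms" forces the entry,
# "name:+perms" / "name:-perms" edits it without enforcing the rest.
_ENTRY = re.compile(r"^(?P<name>[^:,\s]+):(?P<op>[+-]?)(?P<perms>[rwx]+)$")
_MODES = {"": "force", "+": "add", "-": "remove"}


def parse_acl(spec):
    """Parse a comma separated user/group ACL input into (name, mode, perms)."""
    entries = []
    for raw in spec.split(","):
        raw = raw.strip()
        if not raw:
            continue
        m = _ENTRY.match(raw)
        if m is None:
            raise ValueError(f"malformed ACL entry: {raw!r}")
        perms = "".join(sorted(set(m["perms"])))  # normalise, e.g. "xwr" -> "rwx"
        entries.append((m["name"], _MODES[m["op"]], perms))
    return entries


def parent_folders(resolved_path):
    """Folders that receive parent_permissions_*, root folder / excluded."""
    p = PurePosixPath(resolved_path)
    if not p.is_absolute():
        raise ValueError("expected an absolute, already resolved path")
    return [str(d) for d in list(p.parents)[::-1] if str(d) != "/"]


def plan(path, user="", parent_permissions_user=""):
    """Map every affected path to the user ACL entries applied to it."""
    result = {}
    if parent_permissions_user.strip():  # only applied when not empty
        for folder in parent_folders(path):
            result[folder] = parse_acl(parent_permissions_user)
    result[path] = parse_acl(user)
    return result


if __name__ == "__main__":
    # Values taken from the second example on this page.
    for target, entries in plan("/this/is/my/path/mylogfile",
                                "bob:rwx,alice:+rwx", "bob:rx,alice:rx").items():
        print(target, entries)
```

Entries reported as "force" are the ones to check most closely, since they enforce the whole entry rather than editing it.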