permissions_posix_acls_absent
Ensure that files or directories has no ACLs set.
⚙️ Compatible targets: Linux
Parameters
| Name | Documentation |
|---|---|
| path | Path of the file or directory. This parameter is required. |
| recursive | Should ACLs cleanup be recursive, "true" or "false" (defaults to "false"). Choices:
This parameter is optional. |
Outcome conditions
You need to replace ${path} with its actual canonified value.
- ✅ Ok:
permissions_posix_acls_absent_${path}_ok- ☑️ Already compliant:
permissions_posix_acls_absent_${path}_kept - 🟨 Repaired:
permissions_posix_acls_absent_${path}_repaired
- ☑️ Already compliant:
- ❌ Error:
permissions_posix_acls_absent_${path}_error
Example
method: permissions_posix_acls_absent
params:
path: VALUE
recursive: 'true'
Documentation
The permissions_*acl_* manage the POSIX ACL on files and directories.
Parameters
Path
Path can be globbing with the following format:
-
- matches any filename or directory at one level, e.g. *.cf will match all files in one directory that end in .cf but it won't search across directories. /.cf on the other hand will look two levels deep.
- ? matches a single letter
- [a-z] matches any letter from a to z
- {x,y,anything} will match x or y or anything.
Recursive
Can be:
trueto apply the given aces to folder and sub-folders and files.- or
falseto apply to the strict match ofPath
If left blank, recursivity will automatically be set to false
Example
The method has basically the same effect as setfacl -b <path>.
Given a file with the following getfacl output:
root@server# getfacl /tmp/myTestFile
getfacl: Removing leading '/' from absolute path names
# file: tmp/myTestFile
# owner: root
# group: root
user::rwx
user:vagrant:rwx
group::r--
mask::rwx
other::---
It will remove all ACLs, and only let classic rights, here:
root@server# getfacl myTestFile
# file: myTestFile
# owner: root
# group: root
user::rwx
group::r--
other::---
root@server# ls -l myTestFile
-rwxr----- 1 root root 0 Mar 22 11:24 myTestFile
root@server#