permissions_posix_acls_absent

Ensure that files or directories has no ACLs set.

⚙️ Compatible targets: Linux

Parameters

NameDocumentation
pathPath of the file or directory.

This parameter is required.
recursiveShould ACLs cleanup be recursive, "true" or "false" (defaults to "false").

Choices:
  • true
  • false

This parameter is optional.

Outcome conditions

You need to replace ${path} with its actual canonified value.

  • ✅ Ok: permissions_posix_acls_absent_${path}_ok
    • ☑️ Already compliant: permissions_posix_acls_absent_${path}_kept
    • 🟨 Repaired: permissions_posix_acls_absent_${path}_repaired
  • ❌ Error: permissions_posix_acls_absent_${path}_error

Example

method: permissions_posix_acls_absent
params:
  path: VALUE
  recursive: 'true'

Documentation

The permissions_*acl_* manage the POSIX ACL on files and directories.

Parameters

Path

Path can be globbing with the following format:

    • matches any filename or directory at one level, e.g. *.cf will match all files in one directory that end in .cf but it won't search across directories. /.cf on the other hand will look two levels deep.
  • ? matches a single letter
  • [a-z] matches any letter from a to z
  • {x,y,anything} will match x or y or anything.
Recursive

Can be:

  • true to apply the given aces to folder and sub-folders and files.
  • or false to apply to the strict match of Path

If left blank, recursivity will automatically be set to false

Example

The method has basically the same effect as setfacl -b <path>.

Given a file with the following getfacl output:

root@server# getfacl /tmp/myTestFile 
getfacl: Removing leading '/' from absolute path names
# file: tmp/myTestFile
# owner: root
# group: root
user::rwx
user:vagrant:rwx
group::r--
mask::rwx
other::---

It will remove all ACLs, and only let classic rights, here:

root@server# getfacl myTestFile 
# file: myTestFile
# owner: root
# group: root
user::rwx
group::r--
other::---

root@server# ls -l myTestFile
-rwxr----- 1 root root 0 Mar 22 11:24 myTestFile
root@server#