permissions_other_acl_present
Verify that the other ace given is present on a file or directory. This method will make sure the given other ace is present in the POSIX ACL of the target for.
⚙️ Compatible targets: Linux
Parameters
Name | Documentation |
---|---|
path | Path of the file or directory. This parameter is required. |
recursive | Recursive Should ACLs cleanup be recursive, "true" or "false" (defaults to "false"). Choices:
This parameter is optional. |
other | ACE to enforce for the given other. This parameter must match ^[+-=]?(?=.*[rwx])r?w?x?$ .This parameter is required. |
Outcome conditions
You need to replace ${path}
with its actual canonified value.
- ✅ Ok:
permissions_other_acl_present_${path}_ok
- ☑️ Already compliant:
permissions_other_acl_present_${path}_kept
- 🟨 Repaired:
permissions_other_acl_present_${path}_repaired
- ☑️ Already compliant:
- ❌ Error:
permissions_other_acl_present_${path}_error
Example
method: permissions_other_acl_present
params:
recursive: 'true'
other: VALUE
path: VALUE
Documentation
The permissions_*acl_*
manage the POSIX ACL on files and directories.
Please note that the mask will be automatically recalculated when editing ACLs.
Parameters
Path
Path can be a regex with the following format:
*
matches any filename or directory at one level, e.g.*.cf
will match all files in one directory that end in .cf but it won't search across directories.*/*.cf
on the other hand will look two levels deep.?
matches a single letter[a-z]
matches any letter from a to z{x,y,anything}
will match x or y or anything.
Recursive
Can be:
true
to apply the given aces to folder and sub-folders and files.- or
false
to apply to the strict match ofPath
If left blank, recursivity will automatically be set to false
Other_ACE
The operator can be:
+
to add the given ACE to the current ones.-
to remove the given ACE to the current ones.=
to force the given ACE to the current ones.empty
if no operator is specified, it will be interpreted as=
.
ACE must respect the classic:
^[+-=]?(?=.*[rwx])r?w?x?$
Example
Given a file with the following getfacl output:
root@server# getfacl /tmp/myTestFile
getfacl: Removing leading '/' from absolute path names
# file: tmp/myTestFile
# owner: root
# group: root
user::rwx
user:bob:rwx
group::r--
mask::rwx
other::r-x
Applying this method with the following parameters:
path
: /tmp/myTestFilerecursive
: falseother ace
: -rw
Will transform the previous ACLs in:
root@server# getfacl /tmp/myTestFile
getfacl: Removing leading '/' from absolute path names
# file: tmp/myTestFile
# owner: root
# group: root
user::rwx
user:bob:rwx
group::r--
mask::rwx
other::--x