permissions_user_acl_absent
Verify that an ace is absent on a file or directory for a given user. This method will make sure that no ace is present in the POSIX ACL of the target.
⚙️ Compatible targets: Linux
Parameters
Name | Documentation |
---|---|
path | Path of the file or directory. This parameter is required. |
recursive | Recursive Should ACLs cleanup be recursive, "true" or "false" (defaults to "false"). Choices:
This parameter is optional. |
user | Username of the Linux account. This parameter is required. |
Outcome conditions
You need to replace ${path}
with its actual canonified value.
- ✅ Ok:
permissions_user_acl_absent_${path}_ok
- ☑️ Already compliant:
permissions_user_acl_absent_${path}_kept
- 🟨 Repaired:
permissions_user_acl_absent_${path}_repaired
- ☑️ Already compliant:
- ❌ Error:
permissions_user_acl_absent_${path}_error
Example
method: permissions_user_acl_absent
params:
recursive: 'true'
user: VALUE
path: VALUE
Documentation
The permissions_*acl_*
manage the POSIX ACL on files and directories.
Please note that the mask will be automatically recalculated when editing ACLs.
Parameters
Path
Path can be a regex with the following format:
*
matches any filename or directory at one level, e.g.*.cf
will match all files in one directory that end in .cf but it won't search across directories.*/*.cf
on the other hand will look two levels deep.?
matches a single letter[a-z]
matches any letter from a to z{x,y,anything}
will match x or y or anything.
Recursive
Can be:
true
to apply the given aces to folder and sub-folders and files.- or
false
to apply to the strict match ofPath
If left blank, recursivity will automatically be set to false
User
Username
to enforce the ace absence, being the Linux account name.
This method can only handle one username.
Example
Given a file with the following getfacl output:
root@server# getfacl /tmp/myTestFile
getfacl: Removing leading '/' from absolute path names
# file: tmp/myTestFile
# owner: root
# group: root
user::rwx
user:bob:rwx
group::r--
mask::rwx
other::---
Applying this method with the following parameters:
path
: /tmp/myTestFilerecursive
: falseuser
: bob
Will transform the previous ACLs in:
root@server# getfacl /tmp/myTestFile
getfacl: Removing leading '/' from absolute path names
# file: tmp/myTestFile
# owner: root
# group: root
user::rwx
group::r--
mask::r--
other::---