Ansible Set File Permissions 755: chmod with file Module Guide
By Luca Berton · Published 2024-01-01 · Category: troubleshooting
How to set file permissions with Ansible file module. Add execute permission (755, 644, 600), manage ownership, and apply permissions recursively.
How to Add Execute Permission 755 on Linux file with Ansible?
I'm going to show you a live Playbook and some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot.See also: Ansible chmod: Change File Permissions with file Module (Guide)
Ansible Add Execute Permission
•ansible.builtin.file
• Manage files and file properties
Today we're talking about the Ansible module file.
The full name is ansible.builtin.file, which means that is part of the collection of modules "builtin" with ansible and shipped with it.
It's a module pretty stable and out for years.
It works in a different variety of operating systems.
It manages files and file properties.
For Windows targets, use the ansible.windows.win_file module instead.
Main Parameters
•path _string_ (dest, name) - file path
• owner _string_ - user
• group _string_ - group
• mode _raw_ - Ex: '0644' or 'u=rw,g=r,o=r'
• state _string_ - file, absent, directory, hard, link, touch
• setype/seuser/selevel - SELinux
This module has some parameters to perform any tasks.
The only required is "path", where you specify the filesystem path of the file you're going to edit.
The parameter "owner" set the user that should own the file/directory.
The parameter "group" set the group that should own the file/directory.
The parameter "mode" set the permissions in the UNIX way of the file/directory.
The state defines the type of object we are modifying, the default is "file" but we could handle also directories, hard links, symlinks, or only update the access time with the "touch" option.
Let me also highlight that we could also specify the SELinux properties.
See also: Ansible Create Symlink: file Module with state=link (Guide)
Links
• ansible.builtin.file## Playbook
How to Add Execute Permission 755 file on Linux with Ansible Playbook.
I'm going to show you how to set the chmod +x of an example.sh Linux file with Ansible.
code
• file_permission.yml---
- name: file module demo
hosts: all
vars:
myscript: "~/example.sh"
tasks:
- name: set execution permission
ansible.builtin.file:
dest: "{{ myscript }}"
mode: 'a+x'#!/bin/bash
echo "Hello World"execution
ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory file_management/file_permission.yml
PLAY [file module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [set execution permission] *******************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ansible-pilot $idempotency
ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory file_management/file_permission.yml
PLAY [file module demo] ***************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [set execution permission] *******************************************************************
ok: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
ansible-pilot $before execution
ansible-pilot $ ssh devops@demo.example.com
Last login: Wed Mar 30 13:38:46 2022 from 192.168.0.59
[devops@demo ~]$ cat example.sh
#!/bin/bash
echo "Hello World"
[devops@demo ~]$[devops@demo ~]$ ls -al example.sh
-rw-r--r--. 1 devops wheel 31 Mar 30 13:39 example.sh
[devops@demo ~]$after execution
ansible-pilot $ ssh devops@demo.example.com
Last login: Wed Mar 30 13:40:36 2022 from 192.168.0.59
[devops@demo ~]$ ls -al example.sh
-rwxr-xr-x. 1 devops wheel 31 Mar 30 13:39 example.sh
[devops@demo ~]$ ./example.sh
Hello World
[devops@demo ~]$ cat example.sh
#!/bin/bash
echo "Hello World"Conclusion
Now you know how to Add Execute Permission 755 for a file on Linux.
See also: Ansible Create File with Content: copy Module content Parameter
Set 755 (Execute Permission)
- name: Make script executable
ansible.builtin.file:
path: /opt/scripts/deploy.sh
mode: '0755'
become: trueCommon Permission Patterns
# Executable script (rwxr-xr-x)
- file: { path: /opt/scripts/backup.sh, mode: '0755' }
# Config file (rw-r--r--)
- file: { path: /etc/myapp/config.yml, mode: '0644' }
# Private key (rw-------)
- file: { path: /home/deploy/.ssh/id_rsa, mode: '0600' }
# Shared directory (rwxrwxr-x)
- file: { path: /opt/shared, mode: '0775', state: directory }
# Secret file (rw-r-----)
- file: { path: /etc/ssl/private/cert.key, mode: '0640' }
Set Permissions on Multiple Files
- name: Make all scripts executable
ansible.builtin.file:
path: "{{ item }}"
mode: '0755'
loop:
- /opt/scripts/deploy.sh
- /opt/scripts/backup.sh
- /opt/scripts/healthcheck.sh
become: trueUsing fileglob
- name: Find all .sh files
ansible.builtin.find:
paths: /opt/scripts
patterns: "*.sh"
register: scripts
- name: Make all executable
ansible.builtin.file:
path: "{{ item.path }}"
mode: '0755'
loop: "{{ scripts.files }}"
become: true
Recursive Permissions
# Set directory permissions recursively
- ansible.builtin.file:
path: /opt/myapp
owner: appuser
group: appgroup
mode: '0755'
recurse: true
become: trueSymbolic Mode
# Add execute for owner
- file: { path: /opt/script.sh, mode: 'u+x' }
# Add execute for all
- file: { path: /opt/script.sh, mode: 'a+x' }
# Remove write for group/other
- file: { path: /etc/config, mode: 'go-w' }
Separate File/Directory Permissions
# Files: 644, Directories: 755 (common web pattern)
- name: Set directory permissions
ansible.builtin.command: find /var/www/html -type d -exec chmod 755 {} \;
become: true
- name: Set file permissions
ansible.builtin.command: find /var/www/html -type f -exec chmod 644 {} \;
become: true
Permission Reference
| Octal | Symbolic | Meaning |
|-------|----------|---------|
| 0755 | rwxr-xr-x | Executable by all, writable by owner |
| 0644 | rw-r--r-- | Readable by all, writable by owner |
| 0600 | rw------- | Owner only (keys, secrets) |
| 0700 | rwx------ | Owner only, executable |
| 0775 | rwxrwxr-x | Group writable + executable |
| 0640 | rw-r----- | Owner write, group read |
| 0440 | r--r----- | Read only (sudoers) |
FAQ
Why quote mode as '0755'?
YAML interprets unquoted 0755 as decimal 493. Always quote: mode: '0755'
How do I check current permissions?
- ansible.builtin.stat:
path: /opt/script.sh
register: file_info
- debug: msg="{{ file_info.stat.mode }}"What about setuid/setgid/sticky bit?
mode: '4755' # setuid (run as owner)
mode: '2755' # setgid (inherit group)
mode: '1777' # sticky bit (like /tmp)Set 755 (rwxr-xr-x)
- ansible.builtin.file:
path: /opt/scripts/deploy.sh
mode: '0755'
become: trueCommon Permission Modes
# 755 — Owner: rwx, Group/Other: rx (scripts, directories)
- file: { path: /opt/scripts/run.sh, mode: '0755' }
# 644 — Owner: rw, Group/Other: r (config files)
- file: { path: /etc/myapp/config.yml, mode: '0644' }
# 600 — Owner: rw only (secrets, private keys)
- file: { path: /etc/ssl/private/key.pem, mode: '0600' }
# 700 — Owner: rwx only (private directories)
- file: { path: /root/.ssh, mode: '0700' }
# 444 — Read only for everyone
- file: { path: /etc/myapp/license.txt, mode: '0444' }
Symbolic Mode
# Add execute for owner
- file: { path: /opt/script.sh, mode: 'u+x' }
# Add execute for all
- file: { path: /opt/script.sh, mode: 'a+x' }
# Remove write from group and other
- file: { path: /etc/config.yml, mode: 'go-w' }
# Set exact: owner rwx, group rx, other rx
- file: { path: /opt/script.sh, mode: 'u=rwx,go=rx' }
Set Owner and Group
- file:
path: /opt/myapp
owner: appuser
group: appgroup
mode: '0755'
state: directory
become: trueRecursive Permissions
# Set directory permissions recursively
- file:
path: /opt/myapp
owner: appuser
group: appgroup
mode: '0755'
recurse: true
state: directory
become: trueDifferent Permissions for Files vs Dirs
# Directories: 755
- command: find /opt/myapp -type d -exec chmod 755 {} \;
become: true
# Files: 644
- command: find /opt/myapp -type f -exec chmod 644 {} \;
become: true
# Scripts only: 755
- command: find /opt/myapp/bin -type f -name "*.sh" -exec chmod 755 {} \;
become: true
Set Permissions on Copy
# copy module sets permissions automatically
- copy:
src: deploy.sh
dest: /opt/scripts/deploy.sh
mode: '0755'
owner: root
become: true
# template too
- template:
src: config.j2
dest: /etc/myapp/config.yml
mode: '0644'
become: true
Multiple Files
- file:
path: "{{ item.path }}"
mode: "{{ item.mode }}"
owner: "{{ item.owner | default('root') }}"
loop:
- { path: /opt/scripts/deploy.sh, mode: '0755' }
- { path: /opt/scripts/backup.sh, mode: '0755' }
- { path: /etc/myapp/config.yml, mode: '0644' }
- { path: /etc/myapp/secrets.yml, mode: '0600' }
become: trueSpecial Bits
# Setuid (4xxx) — run as file owner
- file: { path: /usr/local/bin/app, mode: '4755' }
# Setgid (2xxx) — inherit group
- file: { path: /opt/shared, mode: '2775', state: directory }
# Sticky bit (1xxx) — only owner can delete
- file: { path: /tmp/shared, mode: '1777', state: directory }
FAQ
Why quote the mode ('0755' not 0755)?
YAML interprets unquoted 0755 as octal integer (493). Quoting ensures it's passed as a string and interpreted correctly.
How to check current permissions?
- stat: { path: /opt/script.sh }
register: file_info
- debug: { msg: "{{ file_info.stat.mode }}" }recurse only works on directories?
recurse: true requires state: directory. It sets the same permissions on ALL files and subdirectories — use find + command for different file/dir permissions.
Related Articles
• organizing hosts with Ansible inventory • ansible.builtin.file guide • Windows management with AnsibleCategory: troubleshooting
Watch the video: Ansible Set File Permissions 755: chmod with file Module Guide — Video Tutorial