What you'll learn
- How to change file or directory permission with Ansible?
- Ansible change file/directory permission
- Main Parameters
- code
- Conclusion
- Permission Format Options
- Octal notation (recommended)
- Symbolic notation
- Common Permission Patterns
- Advanced Examples
How to change file or directory permission with Ansible?
Ansible change file/directory permission
Today we're talking about the Ansible module `file`.
The full name is `ansible.builtin.file`, which means that is part of the collection of modules "builtin" with ansible and shipped with it.
It's a module pretty stable and out for years.
It works in a different variety of operating systems.
It manages files and file properties.
For Windows targets, use the `ansible.windows.win_file` module instead.
Main Parameters
- path _string_ (dest, name) - file path
- owner _string_ - user
- group _string_ - group
- mode _raw_ - Ex: '0644' or 'u=rw,g=r,o=r'
- state _string_ - file/absent/directory/hard/link/touch
- setype/seuser/selevel - SELinux
This module has some parameters to perform any tasks.
The only required is "path", where you specify the filesystem path of the file you're going to edit.
The parameter "owner" sets the user that should own the file/directory.
The parameter "group" sets the group that should own the file/directory.
The parameter "mode" sets the permissions in the UNIX way of the file/directory.
The state defines the type of object we are modifying, the default is "file" but we could handle also directories, hardlink, symlink, or only update the access time with the "touch" option.
Let me also highlight that we could also specify the SELinux properties.
## Playbook
Let's jump in a real-life playbook to change file permission with Ansible.
code
- file.yml
```yaml
---
- name: file module demo
hosts: all
vars:
myfile: "/home/devops/test.txt"
become: false
tasks:
- name: check permission
ansible.builtin.file:
path: "{{ myfile }}"
owner: "devops"
group: "users"
mode: '0777'
```
[code with ❤️ in GitHub](https://github.com/lucab85/ansible-pilot/tree/master/change%20permission)
Conclusion
Now you know how to change file or directory permission with Ansible.
Permission Format Options
Ansible accepts permissions in two formats:
Octal notation (recommended)
```yaml
- name: Set file to 644
ansible.builtin.file:
path: /etc/myapp/config.yml
mode: '0644' # Always quote and include leading 0
become: true
```
Symbolic notation
```yaml
- name: Set file permissions symbolically
ansible.builtin.file:
path: /etc/myapp/config.yml
mode: 'u=rw,g=r,o=r' # Same as 0644
become: true
```
Common Permission Patterns
| Octal | Symbolic | Meaning | Use Case |
|-------|----------|---------|----------|
| `0644` | `u=rw,g=r,o=r` | Owner read/write, others read | Config files |
| `0755` | `u=rwx,g=rx,o=rx` | Owner full, others read/execute | Scripts, directories |
| `0600` | `u=rw,g=,o=` | Owner only | Secrets, SSH keys |
| `0700` | `u=rwx,g=,o=` | Owner only (executable) | Private scripts |
| `0444` | `u=r,g=r,o=r` | Read-only for everyone | Reference files |
| `0775` | `u=rwx,g=rwx,o=rx` | Owner+group full | Shared directories |
Advanced Examples
Change ownership an