acl

acl.yaml

@@ -0,0 +1,18 @@
+---
+
+- hosts: kita-stjs-8
+  remote_user: root
+  tasks:
+
+    - name: debian packages
+      apt:
+        pkg: acl
+
+    - name: setacl script
+      template:
+        src: setacl.sh.j2
+        dest: /root/setacl.sh
+        mode: u=rwx
+
+    - name: run setacl script
+      command: /root/setacl.sh

templates/setacl.sh.j2

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+{% for folder in shared_folders.keys() | list %}
+# {{folder}}
+
+mkdir -p "{{folder}}"
+
+{% if shared_folders[folder].owner is defined %}
+chown \
+{% if shared_folders[folder].recursive is defined and shared_folders[folder].recursive %}
+-R \
+{% endif %}
+"{{shared_folders[folder].owner}}" "{{folder}}"
+{% endif %}
+{% if shared_folders[folder].group is defined %}
+chgrp \
+{% if shared_folders[folder].recursive is defined and shared_folders[folder].recursive %}
+-R \
+{% endif %}
+"{{shared_folders[folder].group}}" "{{folder}}"
+{% endif %}
+
+{% if shared_folders[folder].acls is defined %}
+setfacl --remove-all \
+{% if shared_folders[folder].recursive is defined and shared_folders[folder].recursive %}
+--recursive \
+{% endif %}
+-m user::rwX \
+-m group::--- \
+-m other::--- \
+{% for acl in shared_folders[folder].acls %}
+-m {{acl}} \
+{% endfor %}
+"{{folder}}"
+
+setfacl --default \
+{% if shared_folders[folder].recursive is defined and shared_folders[folder].recursive %}
+--recursive \
+{% endif %}
+-m user::rwx \
+-m group::--- \
+-m other::--- \
+{% for acl in shared_folders[folder].acls %}
+-m {{acl}} \
+{% endfor %}
+"{{folder}}"
+{% endif %}
+
+{% endfor %}