W3cubDocs

/Ansible

community.general.capabilities – Manage Linux capabilities

Note

This plugin is part of the community.general collection (version 3.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.capabilities.

Synopsis

  • This module manipulates files privileges using the Linux capabilities(7) system.

Parameters

Parameter Choices/Defaults Comments
capability
string / required
Desired capability to set (with operator and flags, if state is present) or remove (if state is absent)

aliases: cap
path
string / required
Specifies the path to the file to be managed.

aliases: key
state
string
    Choices:
  • absent
  • present
Whether the entry should be present or absent in the file's capabilities.

Notes

Note

  • The capabilities system will automatically transform operators and flags into the effective set, so for example, cap_foo=ep will probably become cap_foo+ep.
  • This module does not attempt to determine the final operator and flags to compare, so you will want to ensure that your capabilities argument matches the final capabilities.

Examples

- name: Set cap_sys_chroot+ep on /foo
  community.general.capabilities:
    path: /foo
    capability: cap_sys_chroot+ep
    state: present

- name: Remove cap_net_bind_service from /bar
  community.general.capabilities:
    path: /bar
    capability: cap_net_bind_service
    state: absent

Authors

  • Nate Coraor (@natefoo)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/capabilities_module.html