Author: Nate Coraor <nate@bx.psu.edu>

New in version 1.6.
This module manipulates file privileges using the Linux capabilities(7) system.
parameter | required | default | choices | comments |
---|---|---|---|---|
capability | yes | | | Desired capability to set (with operator and flags, if state is `present`) or remove (if state is `absent`). |
path | yes | | | Specifies the path to the file to be managed. |
state | no | present | present, absent | Whether the entry should be present or absent in the file's capabilities. |
```yaml
# Set cap_sys_chroot+ep on /foo
- capabilities: path=/foo capability=cap_sys_chroot+ep state=present

# Remove cap_net_bind_service from /bar
- capabilities: path=/bar capability=cap_net_bind_service state=absent
```
Note
The capabilities system will automatically transform operators and flags into the effective set, so, for example, cap_foo=ep will probably become cap_foo+ep. This module does not attempt to determine the final operator and flags to compare, so make sure that the capability argument you pass matches the final capabilities.
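
A pre-flight check for the note above, as an added example that is not part of the module or of the original page: it parses one line of `getcap` output and reports whether a `capability` argument matches it exactly, names the same grant in a different spelling, or is absent. The `getcap` lines are constructed samples; the function names and the treatment of `=` and `+` as equivalent are assumptions of this example.

```python
import re

# One clause of capability text: names, operator, flags (e.g. cap_sys_chroot+ep).
# Forms without a name, such as a bare "=ep", are rejected rather than guessed.
CLAUSE = re.compile(r"^([a-z0-9_,]+)([=+-])([eip]*)$")


def parse_clause(text):
    """Return (frozenset of names, operator, frozenset of flags)."""
    m = CLAUSE.match(text.strip().lower())
    if not m:
        raise ValueError("not a capability clause: %r" % text)
    names, op, flags = m.groups()
    return frozenset(names.split(",")), op, frozenset(flags)


def reported_clauses(getcap_line, path):
    """Extract the clause strings that a getcap output line lists for path."""
    line = getcap_line.strip()
    if not line.startswith(path):
        raise ValueError("line does not describe %s" % path)
    rest = line[len(path):].strip()
    if rest.startswith("="):  # "/foo = cap_x+ep" form; "/foo cap_x=ep" has no separator
        rest = rest[1:].strip()
    return rest.split()


def classify(desired, getcap_line, path):
    """Compare a `capability` argument with what getcap reports for path.

    "exact"    - the reported clause is the same string as the argument
    "spelling" - same names and flags, but a different operator or name list
    "absent"   - the file does not carry this grant
    """
    want_names, want_op, want_flags = parse_clause(desired)
    result = "absent"
    for clause in reported_clauses(getcap_line, path):
        if clause == desired:
            return "exact"
        names, op, flags = parse_clause(clause)
        # Assumption of this example: "=" and "+" name the same grant on a file.
        if want_names <= names and want_flags == flags and "-" not in (op, want_op):
            result = "spelling"
    return result


# Constructed getcap output lines, not captured from a real host.
SAMPLE_FOO = "/foo = cap_sys_chroot+ep"
SAMPLE_BAR = "/bar = cap_net_raw+ep"
```

A "spelling" result means the argument should be rewritten to the reported form before it is used with state=present.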