community.general.capabilities module – Manage Linux capabilities

Note

This module is part of the community.general collection (version 9.4.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.capabilities.

Synopsis

  • This module manipulates file privileges using the Linux capabilities(7) system.

Parameters

Parameter

Comments

capability

aliases: cap

string / required

Desired capability to set (with operator and flags, if state=present) or remove (if state=absent).

path

aliases: key

string / required

Specifies the path to the file to be managed.

state

string

Whether the entry should be present or absent in the file’s capabilities.

Choices:

  • "absent"

  • "present" ← (default)

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Notes

Note

  • The capabilities system will automatically transform operators and flags into the effective set, so, for example, cap_foo=ep will probably become cap_foo+ep.

  • This module does not attempt to determine the final operator and flags to compare, so you will want to ensure that your capability argument matches the final capabilities.

Examples

- name: Set cap_sys_chroot+ep on /foo
  community.general.capabilities:
    path: /foo
    capability: cap_sys_chroot+ep
    state: present

- name: Remove cap_net_bind_service from /bar
  community.general.capabilities:
    path: /bar
    capability: cap_net_bind_service
    state: absent
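
The following playbook is an added example, not part of the module's own documentation. It shows one way to confirm that the capability string you pass matches the form stored on the file, as the Notes advise: apply it, read it back, then re-run the task in check mode and fail if it would still report a change. The variable names, `hosts: all`, and the presence of `getcap` on the target are assumptions; /foo is the path from the examples above.

```yaml
- name: Verify that the capability argument matches the stored form
  hosts: all
  become: true
  vars:
    # Assumed values for illustration.
    cap_path: /foo
    cap_string: cap_sys_chroot+ep
  tasks:
    - name: Apply the capability
      community.general.capabilities:
        path: "{{ cap_path }}"
        capability: "{{ cap_string }}"
        state: present

    - name: Read back the capabilities stored on the file
      ansible.builtin.command:
        argv:
          - getcap
          - "{{ cap_path }}"
      register: getcap_out
      changed_when: false  # read-only query, never a change

    - name: Show the stored form for comparison with cap_string
      ansible.builtin.debug:
        var: getcap_out.stdout

    - name: Re-run the same task in check mode
      community.general.capabilities:
        path: "{{ cap_path }}"
        capability: "{{ cap_string }}"
        state: present
      check_mode: true
      register: recheck

    - name: Fail if the module would change the file a second time
      ansible.builtin.assert:
        that:
          - recheck is not changed
        fail_msg: >-
          {{ cap_string }} does not match the stored form
          ({{ getcap_out.stdout }}); adjust the capability argument.
```

A task that reports a change on every run hides real drift in file capabilities, so this check is worth running once whenever a new capability string is introduced.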

Authors

  • Nate Coraor (@natefoo)