capabilities – Manage Linux capabilities

Synopsis
Parameters
Notes
Examples
Status

Synopsis

This module manipulates files privileges using the Linux capabilities(7) system.

Parameters

Parameter	Choices/Defaults	Comments
capability string / required		Desired capability to set (with operator and flags, if state is `present`) or remove (if state is `absent`) aliases: cap
path string / required		Specifies the path to the file to be managed. aliases: key
state string	Choices: absent present ←	Whether the entry should be present or absent in the file's capabilities.

Notes

Note

The capabilities system will automatically transform operators and flags into the effective set, so for example, cap_foo=ep will probably become cap_foo+ep.
This module does not attempt to determine the final operator and flags to compare, so you will want to ensure that your capabilities argument matches the final capabilities.

Examples

- name: Set cap_sys_chroot+ep on /foo
  capabilities:
    path: /foo
    capability: cap_sys_chroot+ep
    state: present

- name: Remove cap_net_bind_service from /bar
  capabilities:
    path: /bar
    capability: cap_net_bind_service
    state: absent

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Nate Coraor (@natefoo)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/capabilities_module.html