Taz Brown (from Red Hat) wrote this post in which she explains how automating ACL management with Ansible’s ACL module is a smart way to strengthen your security strategy.
ACLs allow regular users to share their files and directories selectively with other users and groups. With ACLs, a user can grant others the ability to read, write, and execute files and directories without leaving those filesystem elements open.
Ansible can play nicely with ACLs, just as it does with a lot of features, utilities, APIs, etc. Ansible has an out-of-the-box ACL module that allows you to create playbooks/roles around granting a user access to a file, removing ACLs for users on a specific file, setting default ACLs for users on files, or obtaining ACLs on particular files.
You will also get an example Ansible playbook which can scale across your infrastructure to increase speed, improve efficiency, and reduce the time it takes to achieve your goals. Applying ACLs to files and users is a practice you should take seriously in your role as a DevOps engineer. Great![Read More]