acl fails on openSUSE Leap 15.6 due to incompatible setfacl behavior #662
Description
SUMMARY
The ansible.posix.acl module fails on OpenSUSE Leap 15.6 when attempting to apply a user ACL using valid parameters. This failure appears to stem from how the module checks whether an ACL needs to be changed, which involves invoking setfacl in a way that triggers a parsing error. The same task works correctly on other Linux distributions including OpenSUSE Tumbleweed, Fedora, Debian, Ubuntu, Arch Linux, Alpine Linux, Rocky, RHEL
This issue was identified as part of a research project focused on improving the reliability and portability of Ansible modules.
ISSUE TYPE
- Bug Report
COMPONENT NAME
acl
ANSIBLE VERSION
ansible [core 2.18.3]
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /venv3.12/lib/python3.12/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /venv3.12/bin/ansible
python version = 3.12.3 (main, Feb 4 2025, 14:48:35) [GCC 13.3.0] (/venv3.12/bin/python)
jinja version = 3.1.6
libyaml = True
COLLECTION VERSION
Collection Version
---------------------------------------- -------
ansible.posix 1.6.2
OS / ENVIRONMENT
OpenSUSE Leap 15.6
STEPS TO REPRODUCE
Run the following playbook on OpenSUSE Leap 15.6:
- hosts: localhost
gather_facts: false
tasks:
- name: Create test file
ansible.builtin.copy:
dest: /tmp/acl_file
content: "ACL"
- name: Add user 'foo' ACL
ansible.posix.acl:
path: /tmp/acl_file
etype: user
entity: foo
permissions: r
state: present
ignore_errors: trueEXPECTED RESULTS
In all other tested OSes (Ubuntu, Debian, Arch Linux, RHEL, Rocky, Fedora, Alpine, openSUSE Tumbleweed), the task succeeds:
TASK [acl : Create test file ] ***************************
changed: [testhost]
TASK [acl : Add user 'foo' ACL] *****************************
changed: [testhost]
I would expect the task to also work on openSUSE Leap or at least handle the discrepancy in setfacl more gracefully.
ACTUAL RESULTS
TASK [acl : Create test file] ***************************
changed: [testhost]
TASK [acl : Add user 'foo' ACL] *****************************
fatal: [testhost]: FAILED! => {"changed": false, "cmd": "/usr/bin/setfacl --test -m user:foo:r /tmp/acl_file", "msg": "setfacl: Option -m: Invalid argument near character 6", "rc": 2, "stderr": "setfacl: Option -m: Invalid argument near character 6\n", "stderr_lines": ["setfacl: Option -m: Invalid argument near character 6"], "stdout": "", "stdout_lines": []}
...ignoring