SUMMARY
The ACL module incorrectly detects changes when processing multiple files. If any file is reported as unchanged, the function acl_changed() returns False, causing Ansible to skip applying ACL changes to other files that do require modifications.
ISSUE TYPE
COMPONENT NAME
plugins/modules/acl.py
ANSIBLE VERSION
ansible [core 2.18.6]
config file = /home/matla/Code/deso/DevOps/infra-config/ansible/ovh/ansible.cfg
configured module search path = ['/home/matla/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /nix/store/46jyjvxfhh0gx9iwazci25gz0n5px2yx-python3.13-ansible-core-2.18.6/lib/python3.13/site-packages/ansible
ansible collection location = /home/matla/.ansible/collections:/usr/share/ansible/collections
executable location = /nix/store/46jyjvxfhh0gx9iwazci25gz0n5px2yx-python3.13-ansible-core-2.18.6/bin/ansible
python version = 3.13.5 (main, Jun 11 2025, 15:36:57) [GCC 14.3.0] (/nix/store/djck7mx6jad1w0yy6zings96dyxanls6-python3-3.13.5/bin/python3.13)
jinja version = 3.1.6
libyaml = True
COLLECTION VERSION
Collection    Version
------------- -------
ansible.posix 1.6.2
CONFIGURATION
OS / ENVIRONMENT
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
STEPS TO REPRODUCE
Run the ansible.posix.acl module on a directory containing multiple files where:
at least one file already has the desired ACL
at least one file has different ACL and requires a change
Minimal example:
tasks:
  - name: create dir
    ansible.builtin.file:
      path: "/tmp/testAclDir"
      state: directory
      mode: '0755'
  - name: create file
    ansible.builtin.copy:
      dest: "/tmp/testAclDir/txt.txt"
      mode: '0440'
      content: "hw"
  - name: acl 1
    ansible.posix.acl:
      path: "/tmp/testAclDir"
      entity: test
      etype: user
      permissions: rX
      state: present
      recursive: true
  - name: acl 2
    ansible.posix.acl:
      path: "/tmp/testAclDir"
      entity: test
      etype: user
      permissions: r
      state: present
      recursive: true
Expecting acl 2 to change /tmp/testAclDir to r, but it is still rX.
EXPECTED RESULTS
If any file requires an ACL update, the module should return changed=True and apply the change to all relevant files.
ACTUAL RESULTS
The module returns changed=False if any file output ends with *,* (meaning “no change”), even if other files do require ACL updates.
Relevant code:
    for line in lines:
        if line.endswith('*,*') and not use_nfsv4_acls:
            return False
Here:
line.endswith('*,*') indicates “no change”
if any line indicates no change, the function returns False
This reverses the intended logic.
Instead of:
“If at least one file needs a change → return True”
the module behaves as:
“If at least one file does NOT need a change → return False”
In commit c353e43, the logic appears to have been accidentally inverted.
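The inversion described in this report, reduced to a runnable comparison. This is an added example, not the module's code and not part of the original report. The sample `setfacl --test` lines are constructed, and the function names, the fall-through `return True` after the quoted loop, and the NFSv4 handling are assumptions.

```python
# Constructed sample of `setfacl --test` output for the recursive "acl 2" task.
# Assumed format: "<path>: <access ACL>,<default ACL>", where "*" means unchanged,
# so a line ending in "*,*" reports that nothing would change for that path.
SAMPLE_LINES = [
    "/tmp/testAclDir: u::rwx,u:test:r--,g::r-x,m::r-x,o::r-x,*",
    "/tmp/testAclDir/txt.txt: *,*",
]


def acl_changed_reported(lines, use_nfsv4_acls=False):
    """Loop as quoted in the report: one unchanged path makes the result False."""
    for line in lines:
        if line.endswith('*,*') and not use_nfsv4_acls:
            return False
    return True  # assumption: fall-through value, not shown in the report


def acl_changed_any(lines, use_nfsv4_acls=False):
    """Behaviour the report expects: True when at least one path needs a change."""
    if use_nfsv4_acls:
        return True  # assumption: keep the quoted code's NFSv4 behaviour
    return any(not line.endswith('*,*') for line in lines)


def paths_needing_change(lines):
    """Return the paths whose ACL would be modified (hypothetical audit helper)."""
    pending = []
    for line in lines:
        if line.endswith('*,*'):
            continue
        # Split from the right so a path that contains ": " stays intact.
        path, _acl = line.rsplit(": ", 1)
        pending.append(path)
    return pending


if __name__ == "__main__":
    print("reported logic :", acl_changed_reported(SAMPLE_LINES))
    print("expected logic :", acl_changed_any(SAMPLE_LINES))
    print("still pending  :", paths_needing_change(SAMPLE_LINES))
```

With the reported logic the task is marked unchanged while `/tmp/testAclDir` keeps the broader `rX` entry, so a green playbook run is not evidence that the tighter ACL was applied.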