http://serverfault.com/q/610322/227777
tasks:
- stat: path=/etc/somefile.conf
register: st
- template: src=somefile.j2 dest=/etc/somefile.conf
when: not st.stat.exists
tasks:
- name: Removing all ACL entries
shell: setfacl -R --remove-all {{ path }}
- name: Adding ACL entries
shell: setfacl -R -m u:{{ username }}:rX {{ path }}
- name: Adding default ACL entries
shell: setfacl -d -R -m u:{{ username }}:rX {{ path }}
Ansible provides an actual module, acl, that is probably better to use than doing these in shells: http://docs.ansible.com/ansible/acl_module.html.