Hi, on Understanding privilege escalation: become — Ansible Community Documentation the term POSIX.1e filesystem ACL support is mentioned.
What exactly does this mean?
From https://unix.stackexchange.com/questions/489820/why-was-posix-1e-withdrawn it seems that standard was withdrawn.
For my use case I am running stock Debian 12 or 13 with ext4, and I wonder if that is good enough
My reading is that it will attempt to use setfacl if it can. man setfacl has a section titled “CONFORMANCE TO POSIX 1003.1e DRAFT STANDARD 17” and lists changes in behavior if the environment variable POSIXLY_CORRECT is defined. It isn’t clear (to me) whether Ansible defines POSIXLY_CORRECT when it attempts to use setfacl, which I think is at the crux of your question.
That is good enough. Even if the ext4 filesystem is mounted with extended ACLs disabled (which is unlikely), Ansible should fall back on the other methods listed in the Understanding privilege escalation document you cited.