# ansible.builtin.lineinfile
This module ensures a particular line is in a file, or replace an existing line using a back-referenced [regular expression](../../Regex.md).
## Parameter
| Parameter | Type | Default | Description |
| ----------------- | ------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **attributes** | string | - | The attributes the resulting filesystem object should have. To get supported flags look at the man page for [chattr](../../../applications/cli/system/chattr.md) on the target system. The = operator is assumed as default, otherwise + or - operators need to be included in the string. |
| **backup** | boolean | false | Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. |
| **create** | boolean | false | Create a new file if it does not exist. |
| **firstmatch** | boolean | false | Used with `insertafter` or `insertbefore`. If set, `insertafter` and `insertbefore` will work with the first line that matches the given [regular expression](../../Regex.md). |
| **group** | string | false | Name of the group that should own the filesystem object, as would be fed to _chown_. |
| **insertafter** | string | - | Used with `state=present`.
If specified, the line will be inserted after the last match of specified [regular expression](../../Regex.md).
If the first match is required, use(`firstmatch=yes`).
A special value is available; `EOF` for inserting the line at the end of the file.
If specified [regular expression](../../Regex.md) has no matches, `EOF` will be used instead.
If `insertbefore` is set, default value `EOF` will be ignored. |
| **insertbefore** | string | - | Used with `state=present`.
If specified, the line will be inserted before the last match of specified [regular expression](../../Regex.md).
If the first match is required, use `firstmatch=yes`.
A value is available; `BOF` for inserting the line at the beginning of the file.
If specified [regular expression](../../Regex.md) has no matches, the line will be inserted at the end of the file. |
| **line** | string | - | The line to insert/replace into the file. |
| **mode** | string | - | The permissions the resulting filesystem object should have. |
| **owner** | string | - | Name of the user that should own the filesystem object, as would be fed to _chown_. |
| **path** | path | - | The file to modify. |
| **regexp** | string | - | The [regular expression](../../Regex.md) to look for in every line of the file. |
| **search_string** | string | - | The literal string to look for in every line of the file. This does not have to match the entire line. |
| **state** | string | "present" | Whether the line should be there or not.
Choices:
- `absent`
- `present` |
| **validate** | string | - | The validation command to run before copying the updated file into the final destination. |
## Examples
```yaml
# NOTE: Before 2.3, option 'dest', 'destfile' or 'name' was used instead of 'path'
- name: Ensure SELinux is set to enforcing mode
ansible.builtin.lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: SELINUX=enforcing
- name: Make sure group wheel is not in the sudoers configuration
ansible.builtin.lineinfile:
path: /etc/sudoers
state: absent
regexp: '^%wheel'
- name: Replace a localhost entry with our own
ansible.builtin.lineinfile:
path: /etc/hosts
regexp: '^127\.0\.0\.1'
line: 127.0.0.1 localhost
owner: root
group: root
mode: '0644'
- name: Replace a localhost entry searching for a literal string to avoid escaping
ansible.builtin.lineinfile:
path: /etc/hosts
search_string: '127.0.0.1'
line: 127.0.0.1 localhost
owner: root
group: root
mode: '0644'
- name: Ensure the default Apache port is 8080
ansible.builtin.lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: '^Listen '
insertafter: '^#Listen '
line: Listen 8080
- name: Ensure php extension matches new pattern
ansible.builtin.lineinfile:
path: /etc/httpd/conf/httpd.conf
search_string: ''
insertafter: '^\t\n'
line: ' '
- name: Ensure we have our own comment added to /etc/services
ansible.builtin.lineinfile:
path: /etc/services
regexp: '^# port for http'
insertbefore: '^www.*80/tcp'
line: '# port for http by default'
- name: Add a line to a file if the file does not exist, without passing regexp
ansible.builtin.lineinfile:
path: /tmp/testfile
line: 192.168.1.99 foo.lab.net foo
create: yes
# NOTE: Yaml requires escaping backslashes in double quotes but not in single quotes
- name: Ensure the JBoss memory settings are exactly as needed
ansible.builtin.lineinfile:
path: /opt/jboss-as/bin/standalone.conf
regexp: '^(.*)Xms(\d+)m(.*)$'
line: '\1Xms${xms}m\3'
backrefs: yes
# NOTE: Fully quoted because of the ': ' on the line. See the Gotchas in the YAML docs.
- name: Validate the sudoers file before saving
ansible.builtin.lineinfile:
path: /etc/sudoers
state: present
regexp: '^%ADMIN ALL='
line: '%ADMIN ALL=(ALL) NOPASSWD: ALL'
validate: /usr/sbin/visudo -cf %s
# See https://docs.python.org/3/library/re.html for further details on syntax
- name: Use backrefs with alternative group syntax to avoid conflicts with variable values
ansible.builtin.lineinfile:
path: /tmp/config
regexp: ^(host=).*
line: \g<1>{{ hostname }}
backrefs: yes
```