# ansible.builtin.lineinfile This module ensures a particular line is in a file, or replace an existing line using a back-referenced [regular expression](../../Regex.md). ## Parameter | Parameter | Type | Default | Description | | ----------------- | ------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **attributes** | string | - | The attributes the resulting filesystem object should have. To get supported flags look at the man page for [chattr](../../../applications/cli/system/chattr.md) on the target system. The = operator is assumed as default, otherwise + or - operators need to be included in the string. | | **backup** | boolean | false | Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. | | **create** | boolean | false | Create a new file if it does not exist. | | **firstmatch** | boolean | false | Used with `insertafter` or `insertbefore`.  If set, `insertafter` and `insertbefore` will work with the first line that matches the given [regular expression](../../Regex.md). | | **group** | string | false | Name of the group that should own the filesystem object, as would be fed to _chown_. | | **insertafter** | string | - | Used with `state=present`.

If specified, the line will be inserted after the last match of specified [regular expression](../../Regex.md).

If the first match is required, use(`firstmatch=yes`).

A special value is available; `EOF` for inserting the line at the end of the file.

If specified [regular expression](../../Regex.md) has no matches, `EOF` will be used instead.

If `insertbefore` is set, default value `EOF` will be ignored. | | **insertbefore** | string | - | Used with `state=present`.

If specified, the line will be inserted before the last match of specified [regular expression](../../Regex.md).

If the first match is required, use `firstmatch=yes`.

A value is available; `BOF` for inserting the line at the beginning of the file.

If specified [regular expression](../../Regex.md) has no matches, the line will be inserted at the end of the file. | | **line** | string | - | The line to insert/replace into the file. | | **mode** | string | - | The permissions the resulting filesystem object should have. | | **owner** | string | - | Name of the user that should own the filesystem object, as would be fed to _chown_. | | **path** | path | - | The file to modify. | | **regexp** | string | - | The [regular expression](../../Regex.md) to look for in every line of the file. | | **search_string** | string | - | The literal string to look for in every line of the file. This does not have to match the entire line. | | **state** | string | "present" | Whether the line should be there or not.

Choices:

- `absent`
- `present` | | **validate** | string | - | The validation command to run before copying the updated file into the final destination. | ## Examples ```yaml # NOTE: Before 2.3, option 'dest', 'destfile' or 'name' was used instead of 'path' - name: Ensure SELinux is set to enforcing mode ansible.builtin.lineinfile: path: /etc/selinux/config regexp: '^SELINUX=' line: SELINUX=enforcing - name: Make sure group wheel is not in the sudoers configuration ansible.builtin.lineinfile: path: /etc/sudoers state: absent regexp: '^%wheel' - name: Replace a localhost entry with our own ansible.builtin.lineinfile: path: /etc/hosts regexp: '^127\.0\.0\.1' line: 127.0.0.1 localhost owner: root group: root mode: '0644' - name: Replace a localhost entry searching for a literal string to avoid escaping ansible.builtin.lineinfile: path: /etc/hosts search_string: '127.0.0.1' line: 127.0.0.1 localhost owner: root group: root mode: '0644' - name: Ensure the default Apache port is 8080 ansible.builtin.lineinfile: path: /etc/httpd/conf/httpd.conf regexp: '^Listen ' insertafter: '^#Listen ' line: Listen 8080 - name: Ensure php extension matches new pattern ansible.builtin.lineinfile: path: /etc/httpd/conf/httpd.conf search_string: '' insertafter: '^\t\n' line: ' ' - name: Ensure we have our own comment added to /etc/services ansible.builtin.lineinfile: path: /etc/services regexp: '^# port for http' insertbefore: '^www.*80/tcp' line: '# port for http by default' - name: Add a line to a file if the file does not exist, without passing regexp ansible.builtin.lineinfile: path: /tmp/testfile line: 192.168.1.99 foo.lab.net foo create: yes # NOTE: Yaml requires escaping backslashes in double quotes but not in single quotes - name: Ensure the JBoss memory settings are exactly as needed ansible.builtin.lineinfile: path: /opt/jboss-as/bin/standalone.conf regexp: '^(.*)Xms(\d+)m(.*)$' line: '\1Xms${xms}m\3' backrefs: yes # NOTE: Fully quoted because of the ': ' on the line. See the Gotchas in the YAML docs. - name: Validate the sudoers file before saving ansible.builtin.lineinfile: path: /etc/sudoers state: present regexp: '^%ADMIN ALL=' line: '%ADMIN ALL=(ALL) NOPASSWD: ALL' validate: /usr/sbin/visudo -cf %s # See https://docs.python.org/3/library/re.html for further details on syntax - name: Use backrefs with alternative group syntax to avoid conflicts with variable values ansible.builtin.lineinfile: path: /tmp/config regexp: ^(host=).* line: \g<1>{{ hostname }} backrefs: yes ```