diff --git a/ansible/roles/dev-tools/defaults/main.yml b/ansible/roles/dev-tools/defaults/main.yml
index bcae9cbf9..eb61072c7 100644
--- a/ansible/roles/dev-tools/defaults/main.yml
+++ b/ansible/roles/dev-tools/defaults/main.yml
@@ -1,6 +1,9 @@
 ---
 # List of default packages to install.
 dev_tools_packages_default:
+  # NOTE(mgoddard): The acl package is required for the setfacl command, used by
+  # become_user.
+  - acl
   - bash-completion
   - tcpdump
   - vim
diff --git a/ansible/roles/pip/tasks/pip_conf.yml b/ansible/roles/pip/tasks/pip_conf.yml
index ce164f365..6d473da0e 100644
--- a/ansible/roles/pip/tasks/pip_conf.yml
+++ b/ansible/roles/pip/tasks/pip_conf.yml
@@ -1,13 +1,4 @@
 ---
-# NOTE(mgoddard): The acl package is required for the setfacl command, used by
-# become_user.
-- name: Ensure acl package is installed
-  package:
-    name: acl
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
-  become: true
-
 - name: Create local .pip directory
   file:
     path: "~{{ item }}/.pip"
diff --git a/releasenotes/notes/install-acl-package-0f21c110cd07537c.yaml b/releasenotes/notes/install-acl-package-0f21c110cd07537c.yaml
new file mode 100644
index 000000000..d67d8f860
--- /dev/null
+++ b/releasenotes/notes/install-acl-package-0f21c110cd07537c.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where a custom playbook using `become_user` could fail when
+    setting permissions on temporary files. The `acl` package is now installed
+    on all systems by default.