scarts
2011-Apr-12 12:13 UTC
[Puppet Users] noob question - How to manage uid/gid changes outside home directory with puppet?
If I create a user resource and specify UID and a group resource and specify GID where the user and group may or may not already exist, in the case where the user or group does exist would it be best practice to: 1) Have puppet change the uid/gid values, then post this change, trawl through logs to find old & new uid/gid values and manually run find to recursively change files and directories outside the users home directory, or 2) Use some type of exec to trigger on user/group resource refesh only to run the same thing automatically? I''m in two minds, in that the second option means I don''t have to do anything manually but I also wouldn''t want the exec triggered if I just change something like the user comment for example. If an exec is okay to use in these cases, then how would I get the ''old'' uid/gid value into a puppet variable before I make the change, as I would need to know this in order to run the chown/chgrp automatically. Thanks for your time. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Denmat
2011-Apr-12 23:23 UTC
Re: [Puppet Users] noob question - How to manage uid/gid changes outside home directory with puppet?
Hi, This sounds like a once change as you implement puppet, right? I don''t imagine you want to run that as part of a manifest. What I would do is get a current list of uid numbers for your users and after running puppet on your hosts for the first time, run a find searching on the uid number and issue an chown as it finds them to the uid number. Be easier and possibly more thorough than doing it in puppet or by searching logs. Cheers, Den On 12/04/2011, at 22:13, scarts <stephenandmindi@me.com> wrote:> If I create a user resource and specify UID and a group resource and > specify GID where the user and group may or may not already exist, in > the case where the user or group does exist would it be best practice > to: > > 1) Have puppet change the uid/gid values, then post this change, trawl > through logs to find old & new uid/gid values and manually run find to > recursively change files and directories outside the users home > directory, or > > 2) Use some type of exec to trigger on user/group resource refesh only > to run the same thing automatically? > > I''m in two minds, in that the second option means I don''t have to do > anything manually but I also wouldn''t want the exec triggered if I > just change something like the user comment for example. > > If an exec is okay to use in these cases, then how would I get the > ''old'' uid/gid value into a puppet variable before I make the change, > as I would need to know this in order to run the chown/chgrp > automatically. > > Thanks for your time. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Stephen Carter
2011-Apr-13 04:26 UTC
Re: [Puppet Users] noob question - How to manage uid/gid changes outside home directory with puppet?
Thanks Den, You''re right of course. I think I''ll go down that route but still set uid/gid in the manifest and use a log watcher to alert me whenever puppet changes a user or group id. That way I know my users are all good and don''t gave to do pre-change audits and just deal with anomalies as they turn up manually. SteveC On 13 Apr 2011, at 00:23, Denmat <tu2bgone@gmail.com> wrote:> Hi, > > This sounds like a once change as you implement puppet, right? I don''t imagine you want to run that as part of a manifest. > > What I would do is get a current list of uid numbers for your users and after running puppet on your hosts for the first time, run a find searching on the uid number and issue an chown as it finds them to the uid number. > > Be easier and possibly more thorough than doing it in puppet or by searching logs. > > Cheers, > Den > On 12/04/2011, at 22:13, scarts <stephenandmindi@me.com> wrote: > >> If I create a user resource and specify UID and a group resource and >> specify GID where the user and group may or may not already exist, in >> the case where the user or group does exist would it be best practice >> to: >> >> 1) Have puppet change the uid/gid values, then post this change, trawl >> through logs to find old & new uid/gid values and manually run find to >> recursively change files and directories outside the users home >> directory, or >> >> 2) Use some type of exec to trigger on user/group resource refesh only >> to run the same thing automatically? >> >> I''m in two minds, in that the second option means I don''t have to do >> anything manually but I also wouldn''t want the exec triggered if I >> just change something like the user comment for example. >> >> If an exec is okay to use in these cases, then how would I get the >> ''old'' uid/gid value into a puppet variable before I make the change, >> as I would need to know this in order to run the chown/chgrp >> automatically. >> >> Thanks for your time. >> >> -- >> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.