Puppet users - Jun 2011 - Different users within same exec

I have the following exec in my manifest :

exec { some_exec:
    path => [
"/bin","/usr/bin","/usr/local/bin" ],
    command => "EXECUTE COMMAND 1",
    onlyif => "EXECUTE COMMAND 2",
    logoutput => "on_failure"
 } 

I want that the "COMMAND 1" should be executed by "USER 1"
and
"COMMAND 2" should be executed by "USER 2". Is there a way
to do it ?
I tried giving the "users" parameter, but that seems to apply to both
the commands.

Thanks in advance,

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Use su -c <cmd> user?
--
Nathan Clemons
http://www.livemocha.com
The worlds largest online language learning community



On Fri, Jun 24, 2011 at 3:06 PM, ssk1287 <kulkarni.swarnim@gmail.com>
wrote:
> I have the following exec in my manifest :
>
> exec { some_exec:
>    path => [
"/bin","/usr/bin","/usr/local/bin" ],
>    command => "EXECUTE COMMAND 1",
>    onlyif => "EXECUTE COMMAND 2",
>    logoutput => "on_failure"
>  }
>
> I want that the "COMMAND 1" should be executed by "USER
1" and
> "COMMAND 2" should be executed by "USER 2". Is there a
way to do it ?
> I tried giving the "users" parameter, but that seems to apply to
both
> the commands.
>
> Thanks in advance,
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

That is exactly what I ended up using. Isn''t there a more
"puppetty"
way of doing this ?

On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com>
wrote:
> Use su -c <cmd> user?
> --
> Nathan Clemonshttp://www.livemocha.com
> The worlds largest online language learning communityOn Fri, Jun 24, 2011
at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote:
> > I have the following exec in my manifest :
>
> > exec { some_exec:
> >    path => [
"/bin","/usr/bin","/usr/local/bin" ],
> >    command => "EXECUTE COMMAND 1",
> >    onlyif => "EXECUTE COMMAND 2",
> >    logoutput => "on_failure"
> >  }
>
> > I want that the "COMMAND 1" should be executed by "USER
1" and
> > "COMMAND 2" should be executed by "USER 2". Is
there a way to do it ?
> > I tried giving the "users" parameter, but that seems to
apply to both
> > the commands.
>
> > Thanks in advance,
>
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Nope.  If you feel strongly that there should be, you can drop in a
feature request or submit a patch, and we would be happy to consider
it.  Generally, though, it seems like a very strange requirement.  I
can''t imagine why you would need to do those operations as different
users, although I absolutely believe you when you say that you do.

It would be very helpful, so, if you could explain what the root cause
of that need is.  :)

Daniel

On Sat, Jun 25, 2011 at 06:54, ssk1287 <kulkarni.swarnim@gmail.com>
wrote:
> That is exactly what I ended up using. Isn''t there a more
"puppetty"
> way of doing this ?
>
> On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com> wrote:
>> Use su -c <cmd> user?
>> --
>> Nathan Clemonshttp://www.livemocha.com
>> The worlds largest online language learning communityOn Fri, Jun 24,
2011 at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote:
>> > I have the following exec in my manifest :
>>
>> > exec { some_exec:
>> >    path => [
"/bin","/usr/bin","/usr/local/bin" ],
>> >    command => "EXECUTE COMMAND 1",
>> >    onlyif => "EXECUTE COMMAND 2",
>> >    logoutput => "on_failure"
>> >  }
>>
>> > I want that the "COMMAND 1" should be executed by
"USER 1" and
>> > "COMMAND 2" should be executed by "USER 2". Is
there a way to do it ?
>> > I tried giving the "users" parameter, but that seems to
apply to both
>> > the commands.
>>
>> > Thanks in advance,
>>
>> > --
>> > You received this message because you are subscribed to the Google
Groups
>> > "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > puppet-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> >http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman <daniel@puppetlabs.com>
✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
♲ Made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Consider the following scenario.

I have a PROCESS 1 triggered by COMMAND 1 which is run by USER 1 that
creates a folder FOLDER 1 which is owned by the root as it should be
accessible to all users of the system. Now, before I run COMMAND 1, I
need to run a command COMMAND 2 that clean ups this FOLDER 1 that was
created during the previous run so as to have a fresh start. Since
FOLDER 1 is owned by root, I need to run COMMAND 2 as a root user but
my COMMAND 1 is run by USER 1.

On Jun 25, 1:56 pm, Daniel Pittman <dan...@puppetlabs.com>
wrote:
> Nope.  If you feel strongly that there should be, you can drop in a
> feature request or submit a patch, and we would be happy to consider
> it.  Generally, though, it seems like a very strange requirement.  I
> can''t imagine why you would need to do those operations as
different
> users, although I absolutely believe you when you say that you do.
>
> It would be very helpful, so, if you could explain what the root cause
> of that need is.  :)
>
> Daniel
>
> On Sat, Jun 25, 2011 at 06:54, ssk1287 <kulkarni.swar...@gmail.com>
wrote:
> > That is exactly what I ended up using. Isn''t there a more
"puppetty"
> > way of doing this ?
>
> > On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com> wrote:
> >> Use su -c <cmd> user?
> >> --
> >> Nathan Clemonshttp://www.livemocha.com
> >> The worlds largest online language learning communityOn Fri, Jun
24, 2011 at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote:
> >> > I have the following exec in my manifest :
>
> >> > exec { some_exec:
> >> >    path => [
"/bin","/usr/bin","/usr/local/bin" ],
> >> >    command => "EXECUTE COMMAND 1",
> >> >    onlyif => "EXECUTE COMMAND 2",
> >> >    logoutput => "on_failure"
> >> >  }
>
> >> > I want that the "COMMAND 1" should be executed by
"USER 1" and
> >> > "COMMAND 2" should be executed by "USER
2". Is there a way to do it ?
> >> > I tried giving the "users" parameter, but that
seems to apply to both
> >> > the commands.
>
> >> > Thanks in advance,
>
> >> > --
> >> > You received this message because you are subscribed to the
Google Groups
> >> > "Puppet Users" group.
> >> > To post to this group, send email to
puppet-users@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > puppet-users+unsubscribe@googlegroups.com.
> >> > For more options, visit this group at
> >> >http://groups.google.com/group/puppet-users?hl=en.
>
> > --
> > You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
>
> --
> ⎋ Puppet Labs Developer –http://puppetlabs.com
> ✉ Daniel Pittman <dan...@puppetlabs.com>
> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
> ♲ Made with 100 percent post-consumer electrons
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Given root can override the DACL, in the absence of SELinux, both
commands could be run as root, no?

Anyway, I am happy to assume that there is some part of the cleanup
process that requires running as the unprivileged user, and which is
not about DACL overrides or whatever; filing a new feature request
would be the next logic step here, so that we capture your needs.

Until then, you are kind of stuck with something like using
''su'' to
change UID in one of the commands.

Daniel

On Sun, Jun 26, 2011 at 11:01, ssk1287 <kulkarni.swarnim@gmail.com>
wrote:
> Consider the following scenario.
>
> I have a PROCESS 1 triggered by COMMAND 1 which is run by USER 1 that
> creates a folder FOLDER 1 which is owned by the root as it should be
> accessible to all users of the system. Now, before I run COMMAND 1, I
> need to run a command COMMAND 2 that clean ups this FOLDER 1 that was
> created during the previous run so as to have a fresh start. Since
> FOLDER 1 is owned by root, I need to run COMMAND 2 as a root user but
> my COMMAND 1 is run by USER 1.
>
> On Jun 25, 1:56 pm, Daniel Pittman <dan...@puppetlabs.com> wrote:
>> Nope.  If you feel strongly that there should be, you can drop in a
>> feature request or submit a patch, and we would be happy to consider
>> it.  Generally, though, it seems like a very strange requirement.  I
>> can''t imagine why you would need to do those operations as
different
>> users, although I absolutely believe you when you say that you do.
>>
>> It would be very helpful, so, if you could explain what the root cause
>> of that need is.  :)
>>
>> Daniel
>>
>> On Sat, Jun 25, 2011 at 06:54, ssk1287
<kulkarni.swar...@gmail.com> wrote:
>> > That is exactly what I ended up using. Isn''t there a more
"puppetty"
>> > way of doing this ?
>>
>> > On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com>
wrote:
>> >> Use su -c <cmd> user?
>> >> --
>> >> Nathan Clemonshttp://www.livemocha.com
>> >> The worlds largest online language learning communityOn Fri,
Jun 24, 2011 at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote:
>> >> > I have the following exec in my manifest :
>>
>> >> > exec { some_exec:
>> >> >    path => [
"/bin","/usr/bin","/usr/local/bin" ],
>> >> >    command => "EXECUTE COMMAND 1",
>> >> >    onlyif => "EXECUTE COMMAND 2",
>> >> >    logoutput => "on_failure"
>> >> >  }
>>
>> >> > I want that the "COMMAND 1" should be executed
by "USER 1" and
>> >> > "COMMAND 2" should be executed by "USER
2". Is there a way to do it ?
>> >> > I tried giving the "users" parameter, but that
seems to apply to both
>> >> > the commands.
>>
>> >> > Thanks in advance,
>>
>> >> > --
>> >> > You received this message because you are subscribed to
the Google Groups
>> >> > "Puppet Users" group.
>> >> > To post to this group, send email to
puppet-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > puppet-users+unsubscribe@googlegroups.com.
>> >> > For more options, visit this group at
>> >> >http://groups.google.com/group/puppet-users?hl=en.
>>
>> > --
>> > You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group
athttp://groups.google.com/group/puppet-users?hl=en.
>>
>> --
>> ⎋ Puppet Labs Developer –http://puppetlabs.com
>> ✉ Daniel Pittman <dan...@puppetlabs.com>
>> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
>> ♲ Made with 100 percent post-consumer electrons
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman <daniel@puppetlabs.com>
✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
♲ Made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

I agree with Daniel... if USER 1 is creating FOLDER 1 which is owned by
root... why is COMMAND 1 not being run by the user root?

--
Nathan Clemons
http://www.livemocha.com
The worlds largest online language learning community



On Sun, Jun 26, 2011 at 11:01 AM, ssk1287
<kulkarni.swarnim@gmail.com>wrote:
> Consider the following scenario.
>
> I have a PROCESS 1 triggered by COMMAND 1 which is run by USER 1 that
> creates a folder FOLDER 1 which is owned by the root as it should be
> accessible to all users of the system. Now, before I run COMMAND 1, I
> need to run a command COMMAND 2 that clean ups this FOLDER 1 that was
> created during the previous run so as to have a fresh start. Since
> FOLDER 1 is owned by root, I need to run COMMAND 2 as a root user but
> my COMMAND 1 is run by USER 1.
>
> On Jun 25, 1:56 pm, Daniel Pittman <dan...@puppetlabs.com> wrote:
> > Nope.  If you feel strongly that there should be, you can drop in a
> > feature request or submit a patch, and we would be happy to consider
> > it.  Generally, though, it seems like a very strange requirement.  I
> > can''t imagine why you would need to do those operations as
different
> > users, although I absolutely believe you when you say that you do.
> >
> > It would be very helpful, so, if you could explain what the root cause
> > of that need is.  :)
> >
> > Daniel
> >
> > On Sat, Jun 25, 2011 at 06:54, ssk1287
<kulkarni.swar...@gmail.com>
> wrote:
> > > That is exactly what I ended up using. Isn''t there a
more "puppetty"
> > > way of doing this ?
> >
> > > On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com>
wrote:
> > >> Use su -c <cmd> user?
> > >> --
> > >> Nathan Clemonshttp://www.livemocha.com
> > >> The worlds largest online language learning communityOn Fri,
Jun 24,
> 2011 at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote:
> > >> > I have the following exec in my manifest :
> >
> > >> > exec { some_exec:
> > >> >    path => [
"/bin","/usr/bin","/usr/local/bin" ],
> > >> >    command => "EXECUTE COMMAND 1",
> > >> >    onlyif => "EXECUTE COMMAND 2",
> > >> >    logoutput => "on_failure"
> > >> >  }
> >
> > >> > I want that the "COMMAND 1" should be executed
by "USER 1" and
> > >> > "COMMAND 2" should be executed by "USER
2". Is there a way to do it
> ?
> > >> > I tried giving the "users" parameter, but that
seems to apply to
> both
> > >> > the commands.
> >
> > >> > Thanks in advance,
> >
> > >> > --
> > >> > You received this message because you are subscribed to
the Google
> Groups
> > >> > "Puppet Users" group.
> > >> > To post to this group, send email to
puppet-users@googlegroups.com.
> > >> > To unsubscribe from this group, send email to
> > >> > puppet-users+unsubscribe@googlegroups.com.
> > >> > For more options, visit this group at
> > >> >http://groups.google.com/group/puppet-users?hl=en.
> >
> > > --
> > > You received this message because you are subscribed to the
Google
> Groups "Puppet Users" group.
> > > To post to this group, send email to
puppet-users@googlegroups.com.
> > > To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> > > For more options, visit this group athttp://
> groups.google.com/group/puppet-users?hl=en.
> >
> > --
> > ⎋ Puppet Labs Developer –http://puppetlabs.com
> > ✉ Daniel Pittman <dan...@puppetlabs.com>
> > ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
> > ♲ Made with 100 percent post-consumer electrons
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 06/26/2011 02:01 PM, ssk1287 wrote:
> Consider the following scenario.
>
> a folder FOLDER 1 which is owned by the root as it should be
> accessible to all users of the system.
>    
That''s your mistake, right there.  If you want a folder
accessible to all users then make it group writable for
some group (FOLDER1_GROUP) and put all the users in that group.

To ensure that this propagates to sub-directories set the SGID bit
on the top directory (and any preexisting sub-directories).
New sub-directories will then inherit the group and the SGID bit.

The commands to do that all run as root.

-- 
vagn

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.