I have the following exec in my manifest : exec { some_exec: path => [ "/bin","/usr/bin","/usr/local/bin" ], command => "EXECUTE COMMAND 1", onlyif => "EXECUTE COMMAND 2", logoutput => "on_failure" } I want that the "COMMAND 1" should be executed by "USER 1" and "COMMAND 2" should be executed by "USER 2". Is there a way to do it ? I tried giving the "users" parameter, but that seems to apply to both the commands. Thanks in advance, -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Use su -c <cmd> user? -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 3:06 PM, ssk1287 <kulkarni.swarnim@gmail.com> wrote:> I have the following exec in my manifest : > > exec { some_exec: > path => [ "/bin","/usr/bin","/usr/local/bin" ], > command => "EXECUTE COMMAND 1", > onlyif => "EXECUTE COMMAND 2", > logoutput => "on_failure" > } > > I want that the "COMMAND 1" should be executed by "USER 1" and > "COMMAND 2" should be executed by "USER 2". Is there a way to do it ? > I tried giving the "users" parameter, but that seems to apply to both > the commands. > > Thanks in advance, > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
That is exactly what I ended up using. Isn''t there a more "puppetty" way of doing this ? On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com> wrote:> Use su -c <cmd> user? > -- > Nathan Clemonshttp://www.livemocha.com > The worlds largest online language learning communityOn Fri, Jun 24, 2011 at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote: > > I have the following exec in my manifest : > > > exec { some_exec: > > path => [ "/bin","/usr/bin","/usr/local/bin" ], > > command => "EXECUTE COMMAND 1", > > onlyif => "EXECUTE COMMAND 2", > > logoutput => "on_failure" > > } > > > I want that the "COMMAND 1" should be executed by "USER 1" and > > "COMMAND 2" should be executed by "USER 2". Is there a way to do it ? > > I tried giving the "users" parameter, but that seems to apply to both > > the commands. > > > Thanks in advance, > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscribe@googlegroups.com. > > For more options, visit this group at > >http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Daniel Pittman
2011-Jun-25 18:56 UTC
Re: [Puppet Users] Re: Different users within same exec
Nope. If you feel strongly that there should be, you can drop in a feature request or submit a patch, and we would be happy to consider it. Generally, though, it seems like a very strange requirement. I can''t imagine why you would need to do those operations as different users, although I absolutely believe you when you say that you do. It would be very helpful, so, if you could explain what the root cause of that need is. :) Daniel On Sat, Jun 25, 2011 at 06:54, ssk1287 <kulkarni.swarnim@gmail.com> wrote:> That is exactly what I ended up using. Isn''t there a more "puppetty" > way of doing this ? > > On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com> wrote: >> Use su -c <cmd> user? >> -- >> Nathan Clemonshttp://www.livemocha.com >> The worlds largest online language learning communityOn Fri, Jun 24, 2011 at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote: >> > I have the following exec in my manifest : >> >> > exec { some_exec: >> > path => [ "/bin","/usr/bin","/usr/local/bin" ], >> > command => "EXECUTE COMMAND 1", >> > onlyif => "EXECUTE COMMAND 2", >> > logoutput => "on_failure" >> > } >> >> > I want that the "COMMAND 1" should be executed by "USER 1" and >> > "COMMAND 2" should be executed by "USER 2". Is there a way to do it ? >> > I tried giving the "users" parameter, but that seems to apply to both >> > the commands. >> >> > Thanks in advance, >> >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "Puppet Users" group. >> > To post to this group, send email to puppet-users@googlegroups.com. >> > To unsubscribe from this group, send email to >> > puppet-users+unsubscribe@googlegroups.com. >> > For more options, visit this group at >> >http://groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman <daniel@puppetlabs.com> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Consider the following scenario. I have a PROCESS 1 triggered by COMMAND 1 which is run by USER 1 that creates a folder FOLDER 1 which is owned by the root as it should be accessible to all users of the system. Now, before I run COMMAND 1, I need to run a command COMMAND 2 that clean ups this FOLDER 1 that was created during the previous run so as to have a fresh start. Since FOLDER 1 is owned by root, I need to run COMMAND 2 as a root user but my COMMAND 1 is run by USER 1. On Jun 25, 1:56 pm, Daniel Pittman <dan...@puppetlabs.com> wrote:> Nope. If you feel strongly that there should be, you can drop in a > feature request or submit a patch, and we would be happy to consider > it. Generally, though, it seems like a very strange requirement. I > can''t imagine why you would need to do those operations as different > users, although I absolutely believe you when you say that you do. > > It would be very helpful, so, if you could explain what the root cause > of that need is. :) > > Daniel > > On Sat, Jun 25, 2011 at 06:54, ssk1287 <kulkarni.swar...@gmail.com> wrote: > > That is exactly what I ended up using. Isn''t there a more "puppetty" > > way of doing this ? > > > On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com> wrote: > >> Use su -c <cmd> user? > >> -- > >> Nathan Clemonshttp://www.livemocha.com > >> The worlds largest online language learning communityOn Fri, Jun 24, 2011 at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote: > >> > I have the following exec in my manifest : > > >> > exec { some_exec: > >> > path => [ "/bin","/usr/bin","/usr/local/bin" ], > >> > command => "EXECUTE COMMAND 1", > >> > onlyif => "EXECUTE COMMAND 2", > >> > logoutput => "on_failure" > >> > } > > >> > I want that the "COMMAND 1" should be executed by "USER 1" and > >> > "COMMAND 2" should be executed by "USER 2". Is there a way to do it ? > >> > I tried giving the "users" parameter, but that seems to apply to both > >> > the commands. > > >> > Thanks in advance, > > >> > -- > >> > You received this message because you are subscribed to the Google Groups > >> > "Puppet Users" group. > >> > To post to this group, send email to puppet-users@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > puppet-users+unsubscribe@googlegroups.com. > >> > For more options, visit this group at > >> >http://groups.google.com/group/puppet-users?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. > > -- > ⎋ Puppet Labs Developer –http://puppetlabs.com > ✉ Daniel Pittman <dan...@puppetlabs.com> > ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 > ♲ Made with 100 percent post-consumer electrons-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Daniel Pittman
2011-Jun-26 18:24 UTC
Re: [Puppet Users] Re: Different users within same exec
Given root can override the DACL, in the absence of SELinux, both commands could be run as root, no? Anyway, I am happy to assume that there is some part of the cleanup process that requires running as the unprivileged user, and which is not about DACL overrides or whatever; filing a new feature request would be the next logic step here, so that we capture your needs. Until then, you are kind of stuck with something like using ''su'' to change UID in one of the commands. Daniel On Sun, Jun 26, 2011 at 11:01, ssk1287 <kulkarni.swarnim@gmail.com> wrote:> Consider the following scenario. > > I have a PROCESS 1 triggered by COMMAND 1 which is run by USER 1 that > creates a folder FOLDER 1 which is owned by the root as it should be > accessible to all users of the system. Now, before I run COMMAND 1, I > need to run a command COMMAND 2 that clean ups this FOLDER 1 that was > created during the previous run so as to have a fresh start. Since > FOLDER 1 is owned by root, I need to run COMMAND 2 as a root user but > my COMMAND 1 is run by USER 1. > > On Jun 25, 1:56 pm, Daniel Pittman <dan...@puppetlabs.com> wrote: >> Nope. If you feel strongly that there should be, you can drop in a >> feature request or submit a patch, and we would be happy to consider >> it. Generally, though, it seems like a very strange requirement. I >> can''t imagine why you would need to do those operations as different >> users, although I absolutely believe you when you say that you do. >> >> It would be very helpful, so, if you could explain what the root cause >> of that need is. :) >> >> Daniel >> >> On Sat, Jun 25, 2011 at 06:54, ssk1287 <kulkarni.swar...@gmail.com> wrote: >> > That is exactly what I ended up using. Isn''t there a more "puppetty" >> > way of doing this ? >> >> > On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com> wrote: >> >> Use su -c <cmd> user? >> >> -- >> >> Nathan Clemonshttp://www.livemocha.com >> >> The worlds largest online language learning communityOn Fri, Jun 24, 2011 at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote: >> >> > I have the following exec in my manifest : >> >> >> > exec { some_exec: >> >> > path => [ "/bin","/usr/bin","/usr/local/bin" ], >> >> > command => "EXECUTE COMMAND 1", >> >> > onlyif => "EXECUTE COMMAND 2", >> >> > logoutput => "on_failure" >> >> > } >> >> >> > I want that the "COMMAND 1" should be executed by "USER 1" and >> >> > "COMMAND 2" should be executed by "USER 2". Is there a way to do it ? >> >> > I tried giving the "users" parameter, but that seems to apply to both >> >> > the commands. >> >> >> > Thanks in advance, >> >> >> > -- >> >> > You received this message because you are subscribed to the Google Groups >> >> > "Puppet Users" group. >> >> > To post to this group, send email to puppet-users@googlegroups.com. >> >> > To unsubscribe from this group, send email to >> >> > puppet-users+unsubscribe@googlegroups.com. >> >> > For more options, visit this group at >> >> >http://groups.google.com/group/puppet-users?hl=en. >> >> > -- >> > You received this message because you are subscribed to the Google Groups "Puppet Users" group. >> > To post to this group, send email to puppet-users@googlegroups.com. >> > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >> > For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. >> >> -- >> ⎋ Puppet Labs Developer –http://puppetlabs.com >> ✉ Daniel Pittman <dan...@puppetlabs.com> >> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 >> ♲ Made with 100 percent post-consumer electrons > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman <daniel@puppetlabs.com> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nathan Clemons
2011-Jun-26 23:56 UTC
Re: [Puppet Users] Re: Different users within same exec
I agree with Daniel... if USER 1 is creating FOLDER 1 which is owned by root... why is COMMAND 1 not being run by the user root? -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Sun, Jun 26, 2011 at 11:01 AM, ssk1287 <kulkarni.swarnim@gmail.com>wrote:> Consider the following scenario. > > I have a PROCESS 1 triggered by COMMAND 1 which is run by USER 1 that > creates a folder FOLDER 1 which is owned by the root as it should be > accessible to all users of the system. Now, before I run COMMAND 1, I > need to run a command COMMAND 2 that clean ups this FOLDER 1 that was > created during the previous run so as to have a fresh start. Since > FOLDER 1 is owned by root, I need to run COMMAND 2 as a root user but > my COMMAND 1 is run by USER 1. > > On Jun 25, 1:56 pm, Daniel Pittman <dan...@puppetlabs.com> wrote: > > Nope. If you feel strongly that there should be, you can drop in a > > feature request or submit a patch, and we would be happy to consider > > it. Generally, though, it seems like a very strange requirement. I > > can''t imagine why you would need to do those operations as different > > users, although I absolutely believe you when you say that you do. > > > > It would be very helpful, so, if you could explain what the root cause > > of that need is. :) > > > > Daniel > > > > On Sat, Jun 25, 2011 at 06:54, ssk1287 <kulkarni.swar...@gmail.com> > wrote: > > > That is exactly what I ended up using. Isn''t there a more "puppetty" > > > way of doing this ? > > > > > On Jun 24, 5:41 pm, Nathan Clemons <nat...@livemocha.com> wrote: > > >> Use su -c <cmd> user? > > >> -- > > >> Nathan Clemonshttp://www.livemocha.com > > >> The worlds largest online language learning communityOn Fri, Jun 24, > 2011 at 3:06 PM, ssk1287 <kulkarni.swar...@gmail.com> wrote: > > >> > I have the following exec in my manifest : > > > > >> > exec { some_exec: > > >> > path => [ "/bin","/usr/bin","/usr/local/bin" ], > > >> > command => "EXECUTE COMMAND 1", > > >> > onlyif => "EXECUTE COMMAND 2", > > >> > logoutput => "on_failure" > > >> > } > > > > >> > I want that the "COMMAND 1" should be executed by "USER 1" and > > >> > "COMMAND 2" should be executed by "USER 2". Is there a way to do it > ? > > >> > I tried giving the "users" parameter, but that seems to apply to > both > > >> > the commands. > > > > >> > Thanks in advance, > > > > >> > -- > > >> > You received this message because you are subscribed to the Google > Groups > > >> > "Puppet Users" group. > > >> > To post to this group, send email to puppet-users@googlegroups.com. > > >> > To unsubscribe from this group, send email to > > >> > puppet-users+unsubscribe@googlegroups.com. > > >> > For more options, visit this group at > > >> >http://groups.google.com/group/puppet-users?hl=en. > > > > > -- > > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > > To post to this group, send email to puppet-users@googlegroups.com. > > > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > > > For more options, visit this group athttp:// > groups.google.com/group/puppet-users?hl=en. > > > > -- > > ⎋ Puppet Labs Developer –http://puppetlabs.com > > ✉ Daniel Pittman <dan...@puppetlabs.com> > > ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 > > ♲ Made with 100 percent post-consumer electrons > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 06/26/2011 02:01 PM, ssk1287 wrote:> Consider the following scenario. > > a folder FOLDER 1 which is owned by the root as it should be > accessible to all users of the system. >That''s your mistake, right there. If you want a folder accessible to all users then make it group writable for some group (FOLDER1_GROUP) and put all the users in that group. To ensure that this propagates to sub-directories set the SGID bit on the top directory (and any preexisting sub-directories). New sub-directories will then inherit the group and the SGID bit. The commands to do that all run as root. -- vagn -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.