On Sep 27, 6:23 pm, Corey Osman <co...@logicminds.biz>
wrote:> How do I go about using puppet to set an ACL on a file. I did not see ACL
support under the file type.
>
> Has anybody done this before without using exec?
>
> Example:
>
> # Set ACL on directory
> setfacl -R -d -m mask:007 /directory
The command you present as an example can have no Puppet equivalent
other than an Exec, because the state change it directs depends on the
current state of the resources it affects. Or looking at it from the
opposite direction, Puppet has no way to determine whether the
affected resources are already in the target state. That is not the
way Puppet works, except Exec.
If Puppet did support managing file ACLs then it would do so via the
File resource type. If you check that type you will find
''owner'',
''group'', and ''mode'' properties, along with
several pertinent to
SELinux; these are what you have to work with. There is also the
''recurse'' property for extending the scope of a directory
declaration
to all its contents, recursively, but it is likely to cause you
trouble if the files affected that way are many or collectively large.
It is conceivable that File could be extended to allow you to specify
an ACL, but manifests would need to specify the full ACL that was
desired, for application via ''setfacl --set'' (NOT
''setfacl --
modify'' ). It would be tricky to get this right because of the
overlap between such a property and File''s other properties, but it in
principle it could be done.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.