Is this still not natively available within Puppet? On Wednesday, September 28, 2011 8:23:52 AM UTC-5, jcbollinger wrote: > > > > On Sep 27, 6:23 pm, Corey Osman <[email protected]> wrote: > > How do I go about using puppet to set an ACL on a file. I did not see > ACL support under the file type. > > > > Has anybody done this before without using exec? > > > > Example: > > > > # Set ACL on directory > > setfacl -R -d -m mask:007 /directory > > > The command you present as an example can have no Puppet equivalent > other than an Exec, because the state change it directs depends on the > current state of the resources it affects. Or looking at it from the > opposite direction, Puppet has no way to determine whether the > affected resources are already in the target state. That is not the > way Puppet works, except Exec. > > If Puppet did support managing file ACLs then it would do so via the > File resource type. If you check that type you will find 'owner', > 'group', and 'mode' properties, along with several pertinent to > SELinux; these are what you have to work with. There is also the > 'recurse' property for extending the scope of a directory declaration > to all its contents, recursively, but it is likely to cause you > trouble if the files affected that way are many or collectively large. > > It is conceivable that File could be extended to allow you to specify > an ACL, but manifests would need to specify the full ACL that was > desired, for application via 'setfacl --set' (NOT 'setfacl -- > modify' ). It would be tricky to get this right because of the > overlap between such a property and File's other properties, but it in > principle it could be done. > > > John >
-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/863505b1-51d7-41fb-8c4c-d383406f45f7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
