Alexandros Kosiaris has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/377056 )
Change subject: user homes: Allow git to control +x for $HOME files ...................................................................... user homes: Allow git to control +x for $HOME files Using an octal mode for recursive management of per-user home directory contents forces exactly those permissions on the managed files. This means that files like $HOME/bin/foo will end up provisioned with 0644 permissions even if the file was stored in git with `--chmod=+x` permissions. Using symbolic permissions instead will only modify the bits that have been explicitly provided. The new symbolic mode will ensure that files are readable by all users, directories are traversable by all users, and both files and directories are writable by the owner. The execute bit for files will not be modified from the git managed value. Change-Id: I6bd9be8a946fef97df4b1f759a50afb59561ae15 --- M modules/admin/manifests/user.pp 1 file changed, 12 insertions(+), 9 deletions(-) Approvals: Alexandros Kosiaris: Verified; Looks good to me, approved Addshore: Looks good to me, but someone else must approve diff --git a/modules/admin/manifests/user.pp b/modules/admin/manifests/user.pp index 310d8f1..e7f45f3 100644 --- a/modules/admin/manifests/user.pp +++ b/modules/admin/manifests/user.pp @@ -71,18 +71,21 @@ # Puppet chokes if we try to absent subfiles to /home/${user} if $ensure == 'present' { file { "/home/${name}": - ensure => ensure_directory($ensure), - source => [ + ensure => ensure_directory($ensure), + source => [ "puppet:///modules/admin/home/${name}/", 'puppet:///modules/admin/home/skel/', ], - sourceselect => 'first', - recurse => 'remote', - mode => '0644', - owner => $name, - group => $gid, - force => true, - require => User[$name], + sourceselect => 'first', + recurse => 'remote', + # Use source_permissions so that +x bit from git will be applied + # on the files when they are provisioned on hosts. + source_permissions => 'use', + mode => undef, + owner => $name, + group => $gid, + force => true, + require => User[$name], } } -- To view, visit https://gerrit.wikimedia.org/r/377056 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I6bd9be8a946fef97df4b1f759a50afb59561ae15 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BryanDavis <bda...@wikimedia.org> Gerrit-Reviewer: Addshore <addshorew...@gmail.com> Gerrit-Reviewer: Alex Monk <kren...@gmail.com> Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org> Gerrit-Reviewer: BryanDavis <bda...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits