Issue #3761 has been updated by Luke Kanies. Status changed from Needs design decision to Rejected
I agree - I think this is a bad idea for Puppet to directly support. You can support something like it with sudo. I think we should have a 'lock resource from modifications' option, but that should require root access. I'd be happy to have that feature request filed. ---------------------------------------- Feature #3761: allow ability to temporarily disable puppet on a file/directory by a non-privileged user http://projects.puppetlabs.com/issues/3761 Author: Jeff Behl Status: Rejected Priority: Normal Assigned to: Luke Kanies Category: plumbing Target version: Affected version: 0.25.4 Keywords: Branch: I'm looking for the ability to disable puppet from modifying a file or directory by specifying an arbitrary file or file extension. The use case for this is when a sysadmin (someone with root) is unavailable and a specific file needs to be altered in an emergency situation by a programmer/non-elite. eg: /apps/companyA-app1/conf/my.conf is under puppet control. However, in an emergency situation, I'd like a non-privileged engineer to have the ability to touch a file 'my.conf.NOPUPPET' which would stop the file from being modified by puppet. doing this would be the equivalent of puppet not being able to modify the file - I'd expect an error. Another variation would be to have the ability to touch a "PUPPET-DISABLED" file in the /conf/ directory (or it's parent, /apps/companyA-app1/) that would keep puppet from modifying any files in the /conf/ directory. The reason for this would be the engineer doesn't know exactly what files are under puppet control. Doing so would break dependencies - it would be as if the directory conf/ (or /apps/companyA-app1/ in the second example) didn't exist and/or couldn't be created. For a bit more discussion, I brought this up in: http://groups.google.com/group/puppet-users/browse_frm/thread/b2bc8b70d7c49a9a -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
