Issue #20001 has been updated by Charlie Sharpsteen. Description updated
---------------------------------------- Bug #20001: File type can't only use setgid for directory, and skip over files https://projects.puppetlabs.com/issues/20001#change-89732 * Author: James Shubin * Status: Unreviewed * Priority: High * Assignee: * Category: * Target version: * Affected Puppet version: * Keywords: * Branch: ---------------------------------------- Given a directory: <pre> $dir = '/some/dir/' </pre> You may wish to recursively ensure a certain mode such as: u=rw,g=r As you all know, this cleverly adds +x to directories, but not to files. (good!) You may also decide that you'd like to setgid (+s) for the directory... <pre> File { "${dir}": mode => 'u=rw,g=rs,o=r', recurse => true, } </pre> ... but NOT for it's contents. These two semantics are very different, since setgid for a directory, ensures new files/dirs have the group you want, however adding this to an executable file can be quite dangerous! You can't do this: <pre> File { "${dir}": mode => 'u=rw,g=r,o=r', recurse => true, } File { "${dir}": mode => 'g+s', recurse => false, } </pre> because that's a duplicate definition. So: by default, I think: 1) +s for g should act like +x currently does (except opposite) -- for +s only apply it to the directory, even when recurse is true. 2) If some flag like recurse_setgid => true, then you can recursively add the +s I marked this as high, because I think the current behaviour is very dangerous. Note: in the interim, I suppose you could cheat and run an exec { "chmod g+s ${dir}":} I stumbled upon this problem when I realized setgid is a useful property to add to /etc/puppet/, but not for /etc/puppet/files/* James -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
