+1 On Nov 24, 2009, at 8:04 PM, Jesse Wolfe wrote:
> Add a flag "manage_internal_file_permissions" which is enabled by > default. Disabling this flag prevents Puppet from managing the owner, > group, or mode of files created from > Puppet::Util::Settings::FileSetting > > I think this is a wide enough net to follow Luke's suggestion of > "disable management of everything", and it certainly satisfies the > requests I'm aware of, but if I've missed anything, let me know. > > Signed-off-by: Jesse Wolfe <[email protected]> > --- > lib/puppet/defaults.rb | 4 ++++ > lib/puppet/util/settings/file_setting.rb | 11 +++++++---- > spec/unit/util/settings/file_setting.rb | 25 +++++++++++++++++++++ > ++++ > 3 files changed, 36 insertions(+), 4 deletions(-) > > diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb > index f128e60..67d4a42 100644 > --- a/lib/puppet/defaults.rb > +++ b/lib/puppet/defaults.rb > @@ -86,6 +86,10 @@ module Puppet > :mkusers => [false, > "Whether to create the necessary user and group that > puppetd will > run as."], > + :manage_internal_file_permissions => [true, > + "Whether Puppet should manage the owner, group, and > mode of files > + it uses internally" > + ], > :path => {:default => "none", > :desc => "The shell search path. Defaults to whatever > is inherited > from the parent process.", > diff --git a/lib/puppet/util/settings/file_setting.rb b/lib/puppet/ > util/settings/file_setting.rb > index 573628f..2dfbcf4 100644 > --- a/lib/puppet/util/settings/file_setting.rb > +++ b/lib/puppet/util/settings/file_setting.rb > @@ -89,11 +89,14 @@ class Puppet::Util::Settings::FileSetting < > Puppet::Util::Settings::Setting > return nil if path =~ /^\/dev/ > > resource = Puppet::Resource.new(:file, path) > - resource[:mode] = self.mode if self.mode > > - if Puppet.features.root? > - resource[:owner] = self.owner if self.owner > - resource[:group] = self.group if self.group > + if Puppet[:manage_internal_file_permissions] > + resource[:mode] = self.mode if self.mode > + > + if Puppet.features.root? > + resource[:owner] = self.owner if self.owner > + resource[:group] = self.group if self.group > + end > end > > resource[:ensure] = type > diff --git a/spec/unit/util/settings/file_setting.rb b/spec/unit/ > util/settings/file_setting.rb > index 74d68fb..dfe4d25 100755 > --- a/spec/unit/util/settings/file_setting.rb > +++ b/spec/unit/util/settings/file_setting.rb > @@ -169,18 +169,43 @@ describe Puppet::Util::Settings::FileSetting do > @file.to_resource[:mode].should == 0755 > end > > + it "should not set the mode on a the file if > manage_internal_file_permissions is disabled" do > + Puppet[:manage_internal_file_permissions] = false > + > + @file.stubs(:mode).returns(0755) > + > + @file.to_resource[:mode].should == nil > + end > + > it "should set the owner if running as root and the owner is > provided" do > Puppet.features.expects(:root?).returns true > @file.stubs(:owner).returns "foo" > @file.to_resource[:owner].should == "foo" > end > > + it "should not set the owner if > manage_internal_file_permissions is disabled" do > + Puppet[:manage_internal_file_permissions] = false > + Puppet.features.stubs(:root?).returns true > + @file.stubs(:owner).returns "foo" > + > + @file.to_resource[:owner].should == nil > + end > + > it "should set the group if running as root and the group is > provided" do > Puppet.features.expects(:root?).returns true > @file.stubs(:group).returns "foo" > @file.to_resource[:group].should == "foo" > end > > + it "should not set the group if > manage_internal_file_permissions is disabled" do > + Puppet[:manage_internal_file_permissions] = false > + Puppet.features.stubs(:root?).returns true > + @file.stubs(:group).returns "foo" > + > + @file.to_resource[:group].should == nil > + end > + > + > it "should not set owner if not running as root" do > Puppet.features.expects(:root?).returns false > @file.stubs(:owner).returns "foo" > -- > 1.6.3.3 > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected] > . > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en > . > > -- In science, 'fact' can only mean 'confirmed to such a degree that it would be perverse to withhold provisional assent.' I suppose that apples might start to rise tomorrow, but the possibility does not merit equal time in physics classrooms. -- Stephen Jay Gould --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
