On Monday, October 28, 2013 4:07:55 PM UTC-5, Rob Reynolds wrote:
>
>
>
>
> On Mon, Oct 28, 2013 at 2:59 PM, John Bollinger
> <[email protected]<javascript:>
> > wrote:
>
>>
>> Moreover, if ACEs are separate resources then they can be decentralized.
>> Suppose, for instance, that a module managing some application needs to
>> create a local user and grant that user permissions to access some system
>> directory. All is good if it can just drop an appropriate ACE in place,
>> but it's an awful mess if the module needs to manage a whole ACL of a
>> directory that doesn't belong to it. Especially so when you consider that
>> no resource can be declared more than once.
>>
>
>
> How would this model look? Noting that last items about a resource being
> declared more than once.
>
>
The application module in question would simply declare the needed Ace
resource(s). We're talking about permissions for a user belonging to the
module, so there should be no conflict with any other module. Such an ACE
resource might look like my previous example:
ace { 'my_app_user/some_dir':
identity => 'my_app_user',
file => 'c:/windows/temp/some_dir',
priority => 100,
rights => 'modify',
type => 'allow'
}
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/0a600829-4d42-4a80-bcd6-e9d3889d0b45%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
